From f3e43635932c14f8f0aea078adf3bfe09a9ba683 Mon Sep 17 00:00:00 2001 From: Topi Miettinen Date: Fri, 3 Jun 2016 15:58:18 +0000 Subject: core: Restrict mmap and mprotect with PAGE_WRITE|PAGE_EXEC (#3319) (#3379) New exec boolean MemoryDenyWriteExecute, when set, installs a seccomp filter to reject mmap(2) with PAGE_WRITE|PAGE_EXEC and mprotect(2) with PAGE_EXEC. --- man/systemd.exec.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'man') diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 58f18f3a9e..4a3dd14c39 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1388,6 +1388,22 @@ tmpfiles.d5. + + MemoryDenyWriteExecute= + + Takes a boolean argument. If set, attempts to create memory mappings that are writable and + executable at the same time, or to change existing memory mappings to become executable are prohibited. + Specifically, a system call filter is added that rejects + mmap2 + system calls with both PROT_EXEC and PROT_WRITE set + and mprotect2 + system calls with PROT_EXEC set. Note that this option is incompatible with programs + that generate program code dynamically at runtime, such as JIT execution engines, or programs compiled making + use of the code "trampoline" feature of various C compilers. This option improves service security, as it makes + harder for software exploits to change running code dynamically. + + + -- cgit v1.2.3-54-g00ecf
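Review bot: the new MemoryDenyWriteExecute= paragraph says the filter "rejects" the mmap and mprotect calls and that such attempts "are prohibited", but it does not say what the service observes when that happens (an error return, and with which errno, or termination of the process). Please state it, because that decides how an incompatible JIT engine or trampoline-using program fails and how an administrator would recognise the cause. Two smaller points: the last sentence should read "as it makes it harder for software exploits", and the subject line and commit message say PAGE_WRITE|PAGE_EXEC where the documentation text uses PROT_WRITE and PROT_EXEC, the names mmap(2) and mprotect(2) use, so the PROT_ names should be used throughout.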