From d2ffa389b8112282be1633bb4638f6f47e159299 Mon Sep 17 00:00:00 2001
From: Topi Miettinen
Date: Wed, 26 Oct 2016 18:52:53 +0300
Subject: seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute

shmat(..., SHM_EXEC) can be used to create writable and executable memory,
so let's block it when MemoryDenyWriteExecute is set.
---
 src/core/execute.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src/core')

diff --git a/src/core/execute.c b/src/core/execute.c
index 5e7d7c25d7..7b42ac7bdc 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -29,8 +29,10 @@
 #include
 #include
 #include
+#include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -1394,6 +1396,15 @@ static int apply_memory_deny_write_execute(const Unit* u, const ExecContext *c)
                 if (r < 0)
                         goto finish;
 
+                r = seccomp_rule_add(
+                                seccomp,
+                                SCMP_ACT_ERRNO(EPERM),
+                                SCMP_SYS(shmat),
+                                1,
+                                SCMP_A2(SCMP_CMP_MASKED_EQ, SHM_EXEC, SHM_EXEC));
+                if (r < 0)
+                        goto finish;
+
                 r = seccomp_load(seccomp);
 
 finish:
-- 
cgit v1.2.3-54-g00ecf
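Review bot: The new rule in the second hunk matches only the native `shmat` syscall number, so on architectures where System V IPC is multiplexed through the `ipc` syscall (i386 being the usual example) an shmat(..., SHM_EXEC) call reaches the kernel as `ipc` with the SHMAT subcall and this filter never sees it; MemoryDenyWriteExecute would then be silently weaker on those targets, which the commit neither handles nor documents, so either add a matching rule on `ipc` keyed on its first argument or note the gap where this rule is added. The rule also denies SHM_EXEC unconditionally, including `SHM_RDONLY | SHM_EXEC` attaches, which are not themselves W+X; that is defensible because the same segment can be attached writable elsewhere, but the intent deserves a comment on the `r = seccomp_rule_add(` line such as `/* shmat(SHM_EXEC) can alias a writable attach of the same segment, so refuse any executable attach, RDONLY or not */`. The stripped include names in the first hunk presumably pull in the SHM_EXEC definition; confirm the header is the sysv shm one and not a transitive include. apply_memory_deny_write_execute begins before the hunk (only its signature appears in the hunk header) and its cleanup after `finish:` lies outside it.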