#14069: RTS linker maps code as writable -------------------------------------+------------------------------------- Reporter: bgamari | Owner: (none) Type: bug | Status: new Priority: high | Milestone: 8.4.1 Component: Runtime System | Version: 8.0.1 (Linker) | Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: None/Unknown | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Description changed by bgamari: Old description:
GHC's RTS linker maps executable code in writable pages, representing a significant potential exploit point for arbitrary code execution. OpenBSD disallows running program that do this by default.
Fix this.
New description: GHC's RTS linker maps executable code in writable pages, representing a significant potential exploit point for arbitrary code execution. OpenBSD disallows running program that do this by default. Instead we should first map pages as `PROT_READ | PROT_WRITE`, perform any necessary relocations (which requires writing), and then `mprotect` it to `PROT_READ | PROT_EXEC`. To find the relevant code grep for `PROT_EXEC` in the `rts/` directory. -- -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14069#comment:1 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler