version 1.103, 2007/01/11 14:26:07 |
version 1.104, 2007/02/03 01:11:50 |
Line 406 sys_mmap(l, v, retval) |
|
Line 406 sys_mmap(l, v, retval) |
|
goto is_anon; |
goto is_anon; |
} |
} |
|
|
#if NVERIEXEC > 0 |
|
/* |
|
* If we are mapping the file as executable, we expect to |
|
* have the VERIEXEC_INDIRECT flag set for the entry if it |
|
* exists. |
|
*/ |
|
if (prot & VM_PROT_EXECUTE) { |
|
if (veriexec_verify(l, vp, "(mmap)", VERIEXEC_INDIRECT, |
|
NULL) != 0) |
|
return (EPERM); |
|
} |
|
#endif /* NVERIEXEC > 0 */ |
|
|
|
/* |
/* |
* Old programs may not select a specific sharing type, so |
* Old programs may not select a specific sharing type, so |
* default to an appropriate one. |
* default to an appropriate one. |
Line 453 sys_mmap(l, v, retval) |
|
Line 440 sys_mmap(l, v, retval) |
|
|
|
maxprot = VM_PROT_EXECUTE; |
maxprot = VM_PROT_EXECUTE; |
|
|
|
#if NVERIEXEC > 0 |
|
/* |
|
* Check if the file can be executed indirectly. |
|
*/ |
|
if (veriexec_verify(l, vp, "(mmap)", VERIEXEC_INDIRECT, NULL)) { |
|
/* |
|
* Don't allow executable mappings if we can't |
|
* indirectly execute the file. |
|
*/ |
|
if (prot & VM_PROT_EXECUTE) |
|
return (EPERM); |
|
|
|
/* |
|
* Strip the executable bit from 'maxprot' to make sure |
|
* it can't be made executable later. |
|
*/ |
|
maxprot &= ~VM_PROT_EXECUTE; |
|
} |
|
#endif /* NVERIEXEC > 0 */ |
|
|
/* check read access */ |
/* check read access */ |
if (fp->f_flag & FREAD) |
if (fp->f_flag & FREAD) |
maxprot |= VM_PROT_READ; |
maxprot |= VM_PROT_READ; |
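Review bot: In the 1.104 block after `maxprot = VM_PROT_EXECUTE;`, `veriexec_verify(l, vp, "(mmap)", VERIEXEC_INDIRECT, NULL)` is now called for every mapping that reaches this point, not only when `prot & VM_PROT_EXECUTE` is set as in 1.103. veriexec_verify is not shown here, so if it logs or re-evaluates a fingerprint on failure, plain non-executable mappings of files without the indirect flag would presumably pay that cost and produce denial reports even though the mapping is allowed with a reduced maxprot. That is worth confirming and stating in the comment, e.g. `/* Verified on every mapping, not just PROT_EXEC: a failure also caps maxprot so execute cannot be added later. */`. The condition also dropped the explicit comparison the removed code used; `!= 0` would make it clear that any non-zero result, whatever its cause, is treated as a denial. sys_mmap starts and ends outside the visible lines.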