> Yes, user applications should be allowed to mmap() from /dev/zero with
> PROT_EXEC. (There should be *no* visible difference between using
> /dev/zero and using MAP_ANON(YMOUS).)
>
> However, it also seems to me that it is appropriate for udev to mount
> its tmpfs with noexec set -- there's no legitimate reason to put an
> actual executable in there. I'd rather see this fixed in the kernel;
> have it ignore the filesystem mount options when mapping from device
> files. (There may be legitimate use cases for PROT_EXEC maps from
> other device files, not just /dev/zero.)

I don't think this is the right thing to do, and I really doubt the kernel will be changed. Ignoring the noexec option for device files is not only a visible change for userspace but it is a rather dangerous one.

Either this change to udev should be reverted (or a "Debian hardening option"). Or there is another filesystem where such devices are created and with symlinks in /dev.

But I think reverting it is the better solution as it brings back semantics which were always valid not only in Debian but in all other distributions I know as well.

I can't see any significant security win by the way. Udev creates the entries and controls ownership and permissions. If udev creates entries with wrong permissions the execution bit is not the thing I worry most.

Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
Leiter EDV
Leopoldstraße 15
80802 München
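Added example, not part of the original message: a small C probe for the behaviour discussed in this thread, comparing a PROT_EXEC mapping of anonymous memory with the same request backed by /dev/zero, and reporting whether /dev is mounted noexec. The function names and the fallback value for ST_NOEXEC (the Linux flag value, used only when the C library hides the constant) are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8 /* assumption: Linux value, used if the libc hides it */
#endif
#define MAP_LEN 4096

/* Request a private PROT_EXEC mapping; fd < 0 means anonymous memory.
 * Returns 0 on success, otherwise the errno reported by mmap(). */
static int try_exec_map(int fd)
{
    int flags = MAP_PRIVATE | (fd < 0 ? MAP_ANONYMOUS : 0);
    void *p = mmap(NULL, MAP_LEN, PROT_READ | PROT_EXEC, flags, fd, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, MAP_LEN);
    return 0;
}

/* Same request, backed by a file or device node such as /dev/zero. */
static int try_exec_map_path(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    int rc = try_exec_map(fd);
    close(fd);
    return rc;
}

/* 1 if the filesystem holding path is mounted noexec, 0 if not, -1 on error. */
static int mounted_noexec(const char *path)
{
    struct statvfs sv;
    if (statvfs(path, &sv) != 0)
        return -1;
    return (sv.f_flag & ST_NOEXEC) ? 1 : 0;
}

int main(void)
{
    int anon = try_exec_map(-1), dev = try_exec_map_path("/dev/zero");
    printf("/dev mounted noexec: %d\n", mounted_noexec("/dev"));
    printf("MAP_ANONYMOUS + PROT_EXEC: %s\n", anon ? strerror(anon) : "ok");
    printf("/dev/zero + PROT_EXEC: %s\n", dev ? strerror(dev) : "ok");
    return 0;
}
```

On a system where the two results differ, the mount options of the filesystem holding the device node are the first thing to check.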