Re: [PATCH] ntdll: Handle executable file mappings from noexec filesystems

2010-12-11 Thread Marcus Meissner
On Fri, Dec 10, 2010 at 02:05:08PM -0800, Scott Ritchie wrote: > On 12/10/2010 06:44 AM, Alexandre Julliard wrote: > > Marcus Meissner writes: > > > >> At least map_file will copy the stuff into a new anon mapping and so make > >> it work. quake2 at least runs fully from a "noexec" mounted USB st

Re: [PATCH] ntdll: Handle executable file mappings from noexec filesystems

2010-12-10 Thread Scott Ritchie
On 12/10/2010 06:44 AM, Alexandre Julliard wrote: > Marcus Meissner writes: > >> At least map_file will copy the stuff into a new anon mapping and so make >> it work. quake2 at least runs fully from a "noexec" mounted USB stick. > > That should be considered a bug. If you mount it noexec it's be

Re: [PATCH] ntdll: Handle executable file mappings from noexec filesystems

2010-12-10 Thread Alexandre Julliard
Marcus Meissner writes: > At least map_file will copy the stuff into a new anon mapping and so make > it work. quake2 at least runs fully from a "noexec" mounted USB stick. That should be considered a bug. If you mount it noexec it's because you don't trust the code that it may contain... > Any

Re: [PATCH] ntdll: Handle executable file mappings from noexec filesystems

2010-12-10 Thread Marcus Meissner
On Fri, Dec 10, 2010 at 03:08:26PM +0100, Alexandre Julliard wrote: > Marcus Meissner writes: > > > The issue is that it worked before my last patch and still works. > > > > Or should we take care of not executing stuff from "noexec" filesystems > > as kind of policy rule? > > Yes. On systems th

Re: [PATCH] ntdll: Handle executable file mappings from noexec filesystems

2010-12-10 Thread Alexandre Julliard
Marcus Meissner writes: > The issue is that it worked before my last patch and still works. > > Or should we take care of not executing stuff from "noexec" filesystems > as kind of policy rule? Yes. On systems that enforce this correctly, if you ignore the error at that point you'll then get a m

Re: [PATCH] ntdll: Handle executable file mappings from noexec filesystems

2010-12-10 Thread Marcus Meissner
On Fri, Dec 10, 2010 at 02:01:18PM +0100, Alexandre Julliard wrote: > Marcus Meissner writes: > > > Hi, > > > > regression from my previous patch, which forced EXEC permissions on > > some mappings, which in turn gets EPERM when the filesystem is > > "noexec" mounted. > > I don't think that's a

Re: [PATCH] ntdll: Handle executable file mappings from noexec filesystems

2010-12-10 Thread Alexandre Julliard
Marcus Meissner writes: > Hi, > > regression from my previous patch, which forced EXEC permissions on > some mappings, which in turn gets EPERM when the filesystem is > "noexec" mounted. I don't think that's a good idea. If the filesystem is no exec we should report it and fail. -- Alexandre J