From: deraadt <deraadt@openbsd.org>
Date: Sat, 8 Oct 2022 17:03:09 +0000 (+0000)
Subject: The stack can also be marked immutable, because we expect no sane program
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=14839093e1f153b210299e0a6a1ef33bc814e33e;p=openbsd

The stack can also be marked immutable, because we expect no sane program
to try to change the permissions of it.  We won't know who's trying that
until we enable it and see what breaks.
A tricky piece relating to setrlimit stack size changing was previously commited.
ok kettenis
---

diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index af474ee7d8d..8f9fc6ec8cd 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_exec.c,v 1.233 2022/10/08 16:58:34 deraadt Exp $	*/
+/*	$OpenBSD: kern_exec.c,v 1.234 2022/10/08 17:03:09 deraadt Exp $	*/
 /*	$NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $	*/
 
 /*-
@@ -476,6 +476,9 @@ sys_execve(struct proc *p, void *v, register_t *retval)
                 goto exec_abort;
 #endif
 
+	uvm_map_immutable(&p->p_vmspace->vm_map, (vaddr_t)vm->vm_maxsaddr,
+	    (vaddr_t)vm->vm_minsaddr, 1, "stack");
+
 	memset(&arginfo, 0, sizeof(arginfo));
 
 	/* remember information about the process */