From 14839093e1f153b210299e0a6a1ef33bc814e33e Mon Sep 17 00:00:00 2001 From: deraadt Date: Sat, 8 Oct 2022 17:03:09 +0000 Subject: [PATCH] The stack can also be marked immutable, because we expect no sane program to try to change the permissions of it. We won't know who's trying that until we enable it and see what breaks. A tricky piece relating to setrlimit stack size changing was previously commited. ok kettenis --- sys/kern/kern_exec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index af474ee7d8d..8f9fc6ec8cd 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exec.c,v 1.233 2022/10/08 16:58:34 deraadt Exp $ */ +/* $OpenBSD: kern_exec.c,v 1.234 2022/10/08 17:03:09 deraadt Exp $ */ /* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */ /*- @@ -476,6 +476,9 @@ sys_execve(struct proc *p, void *v, register_t *retval) goto exec_abort; #endif + uvm_map_immutable(&p->p_vmspace->vm_map, (vaddr_t)vm->vm_maxsaddr, + (vaddr_t)vm->vm_minsaddr, 1, "stack"); + memset(&arginfo, 0, sizeof(arginfo)); /* remember information about the process */ -- 2.20.1