[MLton] reason for mprotect with PROT_EXEC ?
Wesley W. Terpstra
wesley at terpstra.ca
Thu Feb 7 05:07:07 PST 2008
On Feb 7, 2008, at 2:26 AM, Adam Goode wrote:
> runtime/platform/mmap-protect.c line 10 contains an mprotect with
> PROT_READ | PROT_WRITE | PROT_EXEC.
>
> Is PROT_EXEC needed? I'm asking because MLton compiled executables
> will
> fail on Fedora 9 with this.
Why does it fail? This must be possible because mprotect is also used
to setup the maps of the executable itself.
> The function is GC_mmapAnon_safe_protect, and it looks like it is only
> called once, through GC_init and initSignalStack. I doubt the signal
> stack needs to be executable, but I am not totally sure. Am I right
> that
> profiling is the only thing that uses the signal stack?
On some platforms the linux kernel places a "trampoline" on the stack
as part of invoking a signal handler. If the stack is not executable,
this will cause the program to segfault. In MLton, having an
executable stack isn't as much of a concern as it would be in most
programs, since hopefully the usage of C is small and stack overflows
are impossible in ML.
> I think we should take out the PROT_EXEC. If we don't, all MLton
> compiled executables will need to be given special privileges to run
> on
> Fedora 9.
What architecture are we talking about? i386 and amd64? If so, then I
see no harm in removing PROT_EXEC for those specifically, but you
can't get rid of it.
Is Fedora 9 using some sort of SELinux? Since when does using
PROT_EXEC require extra privileges?
More information about the MLton
mailing list