nix icon indicating copy to clipboard operation
nix copied to clipboard

Published 20 hours ago verified publisher icon nix-rust

sys::mman add netbsd's PROT_MPROTECT macro

Open devnexen opened this issue 1 year ago • 2 comments

devnexen avatar Oct 14 '23 10:10 devnexen

Could you please explain what this is and how it can be properly used to me?

As a NetBSD extension, the PROT_MPROTECT macro can be used to request additional permissions for later use with mprotect(2). For example PROT_MPROTECT(PROT_READ) requests that future PROT_READ mappings are allowed and can be enabled using mprotect(2), but does not currently grant read mappings to the returned memory segment.

After reading the related manual pages and the test code provided in this PR, I am still confused about the functionality of this macro.

Per the mprotect(2) manual:

EACCESS: The new protection is less restrictive than the protection originally set with mmap(2).

You will get an EACCESS error if you reset the permission that is less restrictive than the original one given in the mmap(2) call on NetBSD, does this macro solve that error and thus allow additional permissions to be added?

SteveLauC avatar Nov 07 '23 07:11 SteveLauC

Could you please explain what this is and how it can be properly used to me?

As a NetBSD extension, the PROT_MPROTECT macro can be used to request additional permissions for later use with mprotect(2). For example PROT_MPROTECT(PROT_READ) requests that future PROT_READ mappings are allowed and can be enabled using mprotect(2), but does not currently grant read mappings to the returned memory segment.

After reading the related manual pages and the test code provided in this PR, I am still confused about the functionality of this macro.

Per the mprotect(2) manual:

EACCESS: The new protection is less restrictive than the protection originally set with mmap(2).

You will get an EACCESS error if you reset the permission that is less restrictive than the original one given in the mmap(2) call on NetBSD, does this macro solve that error and thus allow additional permissions to be added?

This macro is for mprotect so let 's say you do this for mmap with this flag PROT_READ | PROT_WRITE | PROT_MPROTECT(PROT_EXEC) the actual page won t have PROT_EXEC flag allowed until mprotect request it, if that makes sense

devnexen avatar Nov 07 '23 07:11 devnexen