On Mon, 2009-08-24 at 01:25 +0200, Thomas Bächler wrote:
Jan de Groot schrieb:
On Sun, 2009-08-23 at 19:06 -0300, Gerardo Exequiel Pozzi wrote:
Hi
Please revert the last commit[#1], mounting /dev as NOEXEC is incorrect. This break nvidia GLX extension, vmware, mplayer and possible others programs that uses mmap() with execute privilege.
PS: I guess that setting a size is "redundant"
I already asked Gerardo in private: Can anyone provide any reference as to why noexec will prevent programs from working?
Some applications like the ones mentioned in the original post will mmap files in /dev/ with the PROT_EXEC flag. When the filesystem is mounted as noexec, these mmap operations will fail. Even if the program doesn't execute anything used in the mmap operation, the whole mmap operation will just fail when this flag is set on a noexec filesystem.