Mark Montague markmont

markmont / m2-results.txt
Last active Aug 2, 2017
W^X test case using temporary file that is mmap()'d twice
#
# Run under Fedora 26 with SELinux enabled
#
# /tmp must not be mounted noexec for this to work.
#
[markmont@f26docker examples]$ sudo setsebool selinuxuser_execstack=off deny_execmem=on
[sudo] password for markmont:
[markmont@f26docker examples]$ gcc -o m2 m2.c
[markmont@f26docker examples]$ ./m2
(dynamic) code returned 42
markmont / m1-results.txt
Created Aug 2, 2017
W^X using mmap() and mprotect()
#
# Run under Fedora 26 with SELinux enabled
#
[markmont@f26docker examples]$ sudo setsebool selinuxuser_execstack=off deny_execmem=on
[sudo] password for markmont:
[markmont@f26docker examples]$ gcc -o m1 m1.c
[markmont@f26docker examples]$ ./m1
mprotect failed to mark exec-only: Permission denied
[markmont@f26docker examples]$ sudo grep denied /var/log/audit/audit.log | tail -1
type=AVC msg=audit(1501685251.234:287): avc: denied { execmem } for pid=14572 comm="m1" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
markmont / moarvm-latest-dyncall.txt
Last active Aug 1, 2017
Successful update of MoarVM to latest dyncall
$ # Using Fedora 26 x86_64 with SELinux enabled
$ uname -a
Linux f26docker.catseye.org 4.11.11-300.fc26.x86_64 #1 SMP Mon Jul 17 16:32:11 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ # Turn off executable stacks:
$ sudo setsebool selinuxuser_execstack off
[sudo] password for markmont:
$ getsebool selinuxuser_execstack
selinuxuser_execstack --> off
$ # Use Rakudo Star for simple testing:
$ tar zxf rakudo-star-2017.07.tar.gz