But this is not the checks - just a flag, MAP_EXECUTABLE, whichWhat if the currently-unused MAP_EXECUTABLE flag became aYes, but it doesn't solve the fact that there isn't really anything special about ld.so, so putting special checks into it doesn't really
way for the program to express that it needs an exec perm,
and so the mmap should fail if there is none? I think ld.so
will be happy using such a flag...
Also, I guess there's the general question of what the noexec mount flag really means? Does it mean "make the execve syscall fail", or does it mean "no bits on this filesystem may be interpreted as instructions".Since PROT_EXEC doesn't require an exec perm on file, I don't
The former is simple to implement, but probably not very useful; theIt can be usefull if you put it on all the user-writable
latter is not possible to implement in general.At least without selinux - yes, so my question was why to