0

I am running the C program below and getting different results when executing it on RHEL 5.11 versus RHEL 6.8. On 5.11, the output is:

Page size is 4096

Memory allocated by memalign() at 0x12791000

mprotect success

While on 6.8, the output is:

Page size is 4096

Memory allocated by memalign() at 0xea6000

mprotect failed: Permission denied

Does anyone have any I idea why this is happening? Is there a kernel parameter that I need to set?

Here is the C program:

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <malloc.h>
#include <sys/mman.h>

static void domp( void *, long );

static void domp( void *pmem, long psz ) {
    if (mprotect( pmem, psz, PROT_READ | PROT_WRITE | PROT_EXEC ) == -1) {
       perror( "mprotect failed" );
    } else {
       printf( "mprotect success\n" );
    }
}

int main( int argc, char *argv[] ) {
    long lpsz;
    void *lmem;

    lpsz = sysconf(_SC_PAGESIZE);
    printf( "Page size is %ld\n", lpsz );

    if ((lmem = memalign( lpsz, lpsz )) == NULL) {
       perror( "memalign failed" );
       exit (-1);
    }
    printf( "Memory allocated by memalign() at %p\n", lmem );
    domp( lmem, lpsz );

    return 0;
}
K.Lawrence
  • 1
  • 1
  • 1
    SELinux, maybe? It is considered a security risk to combine `PROT_WRITE` and `PROT_EXEC` at the same time. Sensible applications will write the code first and then change to `PROT_READ | PROT_EXEC`. – rodrigo Dec 15 '16 at 22:49

1 Answers1

1

That's likely selinux.

However, the real question is why are you calling mprotect on something you did not explicitly mmap. In fact, why don't you just use mmap if you really need different permissions? Bonus question is why do you think you need PROT_EXEC.