From b8142004b0e649ab34f5c5c21561d9f9cbdb49d8 Mon Sep 17 00:00:00 2001
From: Stuart Henderson <sthen@cvs.openbsd.org>
Date: Sat, 4 Jun 2016 16:43:44 +0000
Subject: If a process trips the W^X violation check, abort it unless it came
 from a filesystem with the wxallowed flag set.  ok deraadt

Current status:

Filesystem	Binary		Action
----------	------		------
wxallowed	normal		violation -> log but don't abort
wxallowed	wxneeded	W^X silently allowed
normal		normal		violation -> abort
normal		wxneeded	process won't run at all

See http://www.openbsd.org/faq/current.html#r20160527
---
 sys/uvm/uvm_mmap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sys/uvm/uvm_mmap.c')

diff --git a/sys/uvm/uvm_mmap.c b/sys/uvm/uvm_mmap.c
index 0911b9689d2..7497c983a9e 100644
--- a/sys/uvm/uvm_mmap.c
+++ b/sys/uvm/uvm_mmap.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uvm_mmap.c,v 1.131 2016/06/02 17:05:58 schwarze Exp $	*/
+/*	$OpenBSD: uvm_mmap.c,v 1.132 2016/06/04 16:43:43 sthen Exp $	*/
 /*	$NetBSD: uvm_mmap.c,v 1.49 2001/02/18 21:19:08 chs Exp $	*/
 
 /*
@@ -328,7 +328,7 @@ uvm_wxcheck(struct proc *p, char *call)
 	if (p->p_p->ps_wxcounter++ == 0)
 		log(LOG_NOTICE, "%s(%d): %s W^X violation\n",
 		    p->p_comm, p->p_pid, call);
-	if (uvm_wxabort) {
+	if (!wxallowed || uvm_wxabort) {
 		struct sigaction sa;
 
 		/* Send uncatchable SIGABRT for coredump */
-- 
cgit v1.2.3