From ad262caef9f095e00ce51945020142838d93960e Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 18 Aug 2017 08:09:38 -0400
Subject: memory-deny-write-execute testing

---
 src/fseccomp/seccomp.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/fseccomp/seccomp.c')

diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c
index c49681476..0112d8aec 100644
--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -237,6 +237,7 @@ void memory_deny_write_execute(const char *fname) {
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE|PROT_EXEC, 0, 1),
 	KILL_PROCESS,
 	RETURN_ALLOW,
+
 	// block mprotect(,,PROT_EXEC) so writable memory can't be turned into executable
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_mprotect, 0, 5),
 	EXAMINE_ARGUMENT(2),
@@ -244,6 +245,9 @@ void memory_deny_write_execute(const char *fname) {
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
 	KILL_PROCESS,
 	RETURN_ALLOW,
+
+// shmat is not implemented as a syscall on some platforms (i386, possibly arm)
+#ifdef SYS_shmat
 	// block shmat(,,x|SHM_EXEC) so W&X shared memory can't be created
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_shmat, 0, 5),
 	EXAMINE_ARGUMENT(2),
@@ -251,6 +255,7 @@ void memory_deny_write_execute(const char *fname) {
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SHM_EXEC, 0, 1),
 	KILL_PROCESS,
 	RETURN_ALLOW
+#endif
 	};
 	write_to_file(fd, filter, sizeof(filter));
-- 
cgit v1.2.3-70-g09d2
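Review bot: The `#ifdef SYS_shmat` guard added in the second hunk makes memory-deny-write-execute silently weaker on exactly the platforms the comment names: where `shmat` is not a direct syscall (i386 reaches it through the `ipc()` multiplexer) the whole SHM_EXEC rule is compiled out, so W|X shared memory can still be created there and nothing in the generated filter records the gap. At minimum the guard deserves a comment stating the consequence, e.g. `// NOTE: without SYS_shmat the ipc(SHMAT, ...) route stays unfiltered`, and ideally an `#else` branch matching `SYS_ipc` with the SHMAT sub-call and its shmflg argument, which needs more than the single `EXAMINE_ARGUMENT` pattern used here. The "possibly arm" wording is a guess that could be checked before landing; as far as I recall ARM EABI does define `__NR_shmat`, so the caveat may only apply to i386. The `filter[]` initializer and `memory_deny_write_execute` begin outside these hunks; the third hunk's `#endif` correctly lands before the closing `};`, and the trailing comma left on the mprotect block's `RETURN_ALLOW,` keeps the initializer valid when the shmat block is compiled out.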