cursor: memfd_create: try MFD_NOEXEC_SEAL - wayland

diff options

author	6t8k <6t8k@noreply.codeberg.org>	2023-10-14 23:25:48 +0200
committer	6t8k <6t8k@noreply.codeberg.org>	2024-04-21 19:17:46 +0200
commit	03e304544b9b01c175813215f5930a07152be448 (patch)
tree	30b174757b831c0a46bd45815518db266750e853 /tests/cpp-compile-test.cpp
parent	ci: turn on -Dwerror=true for FreeBSD (diff)
download	wayland-03e304544b9b01c175813215f5930a07152be448.tar wayland-03e304544b9b01c175813215f5930a07152be448.tar.gz wayland-03e304544b9b01c175813215f5930a07152be448.tar.bz2 wayland-03e304544b9b01c175813215f5930a07152be448.tar.lz wayland-03e304544b9b01c175813215f5930a07152be448.tar.xz wayland-03e304544b9b01c175813215f5930a07152be448.tar.zst wayland-03e304544b9b01c175813215f5930a07152be448.zip

cursor: memfd_create: try MFD_NOEXEC_SEAL

Effective from Linux 6.3 onward, this creates the memfd without execute permissions and prevents that setting from ever being changed. A run-time fallback is made to not using MFD_NOEXEC_SEAL when a libwayland-cursor compiled on Linux >= 6.3 is run on Linux < 6.3. This is a defense-in-depth security measure and silences a respective kernel warning; see: https://lwn.net/Articles/918106/ This implementation is adopted from dnkl's `foot` terminal emulator. Signed-off-by: 6t8k <6t8k@noreply.codeberg.org>

Diffstat (limited to 'tests/cpp-compile-test.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: