1 files changed, 10 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 87302a49067b..ad725213f568 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2488,6 +2488,16 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
                if (rc)
                        return rc;
        }
+        if (!vma->vm_file && (prot & PROT_EXEC) &&
+                vma->vm_start <= vma->vm_mm->start_stack &&
+                vma->vm_end >= vma->vm_mm->start_stack) {
+                /* Attempt to make the process stack executable.
+                 * This has an additional execstack check.
+                 */
+                rc = task_has_perm(current, current, PROCESS__EXECSTACK);
+                if (rc)
+                        return rc;
+        }
 #endif
        return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 87302a49067b..ad725213f568 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -2488,6 +2488,16 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
2488	if (rc)	2488	if (rc)
2489	return rc;	2489	return rc;
2490	}	2490	}
		2491	if (!vma->vm_file && (prot & PROT_EXEC) &&
		2492	vma->vm_start <= vma->vm_mm->start_stack &&
		2493	vma->vm_end >= vma->vm_mm->start_stack) {
		2494	/* Attempt to make the process stack executable.
		2495	* This has an additional execstack check.
		2496	*/
		2497	rc = task_has_perm(current, current, PROCESS__EXECSTACK);
		2498	if (rc)
		2499	return rc;
		2500	}
2491	#endif	2501	#endif
2492		2502
2493	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);	2503	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);