Alexandre Julliard wrote:
Peter Beutner p.beutner@gmx.net writes:
But as Linux can't just switch on/off the protection for specific processes, Wine has to emulate it by marking all readable memory as executable as well. And as all this happens behind the application's back, I would still go with my first proposal to just pair every PROT_READ with a PROT_EXEC in dlls/ntdll/virtual.c:VIRTUAL_GetUnixProt().
Does that sound acceptable?
Given your investigations that sounds reasonable, yes, thanks for taking the time to look into this. Does something like this work for you?
Yes, it works. This should be pretty much equal to the default OptIn policy under Windows, i.e. disable the protection for everyone unless the app explicitly says it can handle it. (Except for the fact that Wine always does this now, even if the CPU hasn't NX or something equivalent. Shouldn't really hurt anyone though.)
diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c index 99c90c4..4d15779 100644 --- a/dlls/ntdll/loader.c +++ b/dlls/ntdll/loader.c @@ -2126,6 +2126,8 @@ void WINAPI LdrInitializeThunk( ULONG unknown1, ULONG unknown2, ULONG unknown3,
peb->ProcessParameters->ImagePathName = wm->ldr.FullDllName; version_init( wm->ldr.FullDllName.Buffer );
- if (!(nt->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_NX_COMPAT))
VIRTUAL_SetForceExec( TRUE );
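Review bot: the NX_COMPAT test added in LdrInitializeThunk carries no comment, so nothing at the call site says why a missing flag turns forced exec on or how wide the effect is. It reads only nt->OptionalHeader.DllCharacteristics, once, and VIRTUAL_SetForceExec( TRUE ) is called with no visible path that clears it again. Suggest a short comment above the if stating that an image without IMAGE_DLLCHARACTERISTICS_NX_COMPAT gets readable memory mapped executable for the whole process, and that only this one header is consulted here.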
I'm not so sure about this, I think I read somewhere that each loaded DLL is checked for this, not just the main exe, and the protection is disabled if at least one module is not NX compatible. But as no Wine DLL is marked as NX_COMPAT (I assume) this would basically mean to always disable the protection. It probably doesn't hurt to leave it like this for now. The rest (build Wine DLLs with NX_COMPAT and do this check for every lib) can still be added later. I think it's not quite common anyway that the main exe is flagged as NX_COMPAT and some DLL of the app is not ;)
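The policy discussed in this thread, as an added example that is not part of the original messages and is not Wine's code: read DllCharacteristics from a PE header, and pair PROT_READ with PROT_EXEC only when the image lacks NX_COMPAT. The names pe_nx_compat, unix_prot and build_sample are hypothetical, the header bytes are constructed for the demo, and treating an unparsable image as not NX-compatible is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define NX_COMPAT 0x0100 /* IMAGE_DLLCHARACTERISTICS_NX_COMPAT */
#define SAMPLE_SIZE 0x100

/* Little-endian read of n bytes. */
static uint32_t rd(const uint8_t *p, int n) { uint32_t v = 0; while (n--) v = (v << 8) | p[n]; return v; }

/* 1 = NX_COMPAT set, 0 = clear, -1 = not a parsable PE image. */
int pe_nx_compat(const uint8_t *img, size_t len)
{
    if (len < 0x40 || rd(img, 2) != 0x5A4D) return -1;   /* "MZ" */
    uint32_t off = rd(img + 0x3C, 4);                    /* e_lfanew */
    if (off > len || len - off < 24 + 72) return -1;     /* headers in bounds */
    if (rd(img + off, 4) != 0x4550) return -1;           /* "PE\0\0" */
    if (rd(img + off + 20, 2) < 72) return -1;           /* SizeOfOptionalHeader */
    const uint8_t *opt = img + off + 24;                 /* optional header */
    if (rd(opt, 2) != 0x10B && rd(opt, 2) != 0x20B) return -1; /* PE32 / PE32+ */
    return (rd(opt + 70, 2) & NX_COMPAT) ? 1 : 0;        /* same offset in both */
}

/* Policy from the thread: with force-exec on, PROT_READ implies PROT_EXEC. */
int unix_prot(int prot, int force_exec)
{
    return (force_exec && (prot & PROT_READ)) ? (prot | PROT_EXEC) : prot;
}

/* Constructed minimal PE32 header for the demo; not a loadable image. */
void build_sample(uint8_t *buf, uint16_t dllchar)
{
    memset(buf, 0, SAMPLE_SIZE);
    memcpy(buf, "MZ", 2);
    buf[0x3C] = 0x40;                      /* e_lfanew */
    memcpy(buf + 0x40, "PE", 2);
    buf[0x40 + 20] = 0xE0;                 /* SizeOfOptionalHeader = 224 */
    buf[0x58] = 0x0B; buf[0x59] = 0x01;    /* Magic = 0x10B (PE32) */
    buf[0x58 + 70] = (uint8_t)(dllchar & 0xFF); buf[0x58 + 71] = (uint8_t)(dllchar >> 8);
}

int main(void)
{
    uint8_t img[SAMPLE_SIZE];
    build_sample(img, 0);                            /* image without the flag */
    int force = pe_nx_compat(img, sizeof img) != 1;  /* assumption: unparsable => force */
    printf("force_exec=%d prot=%#x\n", force, unix_prot(PROT_READ | PROT_WRITE, force));
}
```

Running the same check over every module an application ships shows how often the main exe and its DLLs disagree on the flag, which is the case raised at the end of the message.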