RTS linker maps code as writable
GHC's RTS linker maps executable code in writable pages, representing a significant potential exploit point for arbitrary code execution. OpenBSD disallows running program that do this by default.
Instead we should first map pages as PROT_READ | PROT_WRITE
, perform any necessary relocations (which requires writing), and then mprotect
it to PROT_READ | PROT_EXEC
.
To find the relevant code grep for PROT_EXEC
in the rts/
directory.