What's the protection flags of memory allocated by malloc?

Question

According to this thread,memory allocated by malloc at least have PROT_READ | PROT_EXEC,otherwise the contaned function can\'t be executed .

<

Answer 1

You may need to call mprotect to set the PROT_EXEC flag yourself, after the memory has been allocated.

$ man mprotect

Answer 2

malloc is not the right tool for allocating memory for code. You should use mmap, and depending on the paranoid security policies on your system, you might need to use mprotect too for changing the permissions.

Among the reasons malloc is not the right tool:

• Permissions are set only with page granularity, but memory obtained by malloc is unlikely to be page-aligned, and thus you'll end up setting permissions on adjacent memory too, possibly breaking things.
• If you don't restore the old permissions before calling free, you might break malloc's internals.

Answer 3

malloc() will normally return memory with read and write permissions. Some architectures (e.g: older x86) may not allow disabling execute permission in a straightforward way, but that's just a defficiency of the platform.

If you want to execute code from memory you allocated, you'll have to give execute permissions explicitly, and possibly you'll have to remove write permissions, since having both write and execute permissions on the same memory is considered potentially dangerous on some systems (commonly referred as W^X).

There have been several other threads on executing code from memory allocated by the programmer:

Allocate executable ram in c on linux
Is it possible to execute code from the stack in standard C?