Search $LIBFFI_TMPDIR also (#605)

Most temp file directories need to be hardened against execution, but libffi needs execute privileges. Add a libffi-specific temp directory that can be set up by sysadmins as needed with suitable permissions. This both ensures that libffi will have a valid temp directory to use as well as preventing attempts to access other directories.
diff --git a/doc/libffi.texi b/doc/libffi.texi
index 79f9377..28f0e6a 100644
--- a/doc/libffi.texi
+++ b/doc/libffi.texi
@@ -65,6 +65,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@menu
* Introduction:: What is libffi?
* Using libffi:: How to use libffi.
+* Memory Usage:: Where memory for closures comes from.
* Missing Features:: Things libffi can't do.
* Index:: Index.
@end menu
@@ -970,6 +971,55 @@ Currently the only affected platform is PowerPC and the only affected
type is @code{long double}.
@end itemize
+@node Memory Usage
+@chapter Memory Usage
+
+Note that memory allocated by @code{ffi_closure_alloc} and freed by
+@code{ffi_closure_free} does not come from the same general pool of
+memory that @code{malloc} and @code{free} use. To accomodate security
+settings, @samp{libffi} may aquire memory, for example, by mapping
+temporary files into multiple places in the address space (once to
+write out the closure, a second to execute it). The search follows
+this list, using the first that works:
+
+@itemize @bullet
+
+@item
+A anonymous mapping (i.e. not file-backed)
+
+@item
+@code{memfd_create()}, if the kernel supports it.
+
+@item
+A file created in the directory referenced by the environment variable
+@code{LIBFFI_TMPDIR}.
+
+@item
+Likewise for the environment variable @code{TMPDIR}.
+
+@item
+A file created in @code{/tmp}.
+
+@item
+A file created in @code{/var/tmp}.
+
+@item
+A file created in @code{/dev/shm}.
+
+@item
+A file created in the user's home directory (@code{$HOME}).
+
+@item
+A file created in any directory listed in @code{/etc/mtab}.
+
+@item
+A file created in any directory listed in @code{/proc/mounts}.
+
+@end itemize
+
+If security settings prohibit using any of these for closures,
+@code{ffi_closure_alloc} will fail.
+
@node Missing Features
@chapter Missing Features
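Review bot: The new chapter documents the search order but never says what makes a @code{LIBFFI_TMPDIR} directory actually usable, which is the whole point of the commit message ("set up by sysadmins as needed with suitable permissions"): add a sentence after the list stating that the directory must be on a filesystem mounted without @code{noexec} and writable by the calling process, and that a directory writable by other users should be avoided. The intro paragraph also has three spelling errors that should be fixed before merge: "accomodate" should read "accommodate", "aquire" should read "acquire", and "A anonymous mapping" should read "An anonymous mapping".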
diff --git a/src/closures.c b/src/closures.c
index 3a63c32..3558d78 100644
--- a/src/closures.c
+++ b/src/closures.c
@@ -695,6 +695,7 @@ static struct
#ifdef HAVE_MEMFD_CREATE
{ open_temp_exec_file_memfd, "libffi", 0 },
#endif
+ { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
{ open_temp_exec_file_env, "TMPDIR", 0 },
{ open_temp_exec_file_dir, "/tmp", 0 },
{ open_temp_exec_file_dir, "/var/tmp", 0 },
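Review bot: Inserting the @code{LIBFFI_TMPDIR} entry ahead of @code{TMPDIR} means the search still falls through to @code{TMPDIR}, @code{/tmp}, @code{/var/tmp} and the rest of the table when @code{LIBFFI_TMPDIR} is set but unusable (wrong permissions, @code{noexec} mount), so the commit message's claim that this prevents "attempts to access other directories" only holds when the configured directory works. Either document that an unusable @code{LIBFFI_TMPDIR} silently falls back to the general-purpose temp directories, or make the env-var entry terminate the search when the variable is set and the open fails, so a sysadmin who configured it gets a failure from @code{ffi_closure_alloc} rather than an unexpected file in @code{/tmp}.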