From 58d258038fcf0d87bba2df37c21573fd1e9b5de7 Mon Sep 17 00:00:00 2001 From: LRFLEW Date: Wed, 20 Jan 2016 10:11:51 -0700 Subject: [PATCH] Improve security on OSX and Linux --- OpenRCT2.xcodeproj/project.pbxproj | 12 ++++++------ src/hook.c | 12 ++++++++++++ src/openrct2.c | 2 +- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/OpenRCT2.xcodeproj/project.pbxproj b/OpenRCT2.xcodeproj/project.pbxproj index ef26e38852..f22aa4ea58 100644 --- a/OpenRCT2.xcodeproj/project.pbxproj +++ b/OpenRCT2.xcodeproj/project.pbxproj @@ -1600,7 +1600,7 @@ "-segprot", rct2_text, rwx, - rwx, + rx, "-sectcreate", rct2_data, __data, @@ -1610,8 +1610,8 @@ 0x8a4000, "-segprot", rct2_data, - rwx, - rwx, + rw, + rw, ); PRODUCT_BUNDLE_IDENTIFIER = website.openrct2.OpenRCT2; PRODUCT_NAME = "$(TARGET_NAME)"; @@ -1646,7 +1646,7 @@ "-segprot", rct2_text, rwx, - rwx, + rx, "-sectcreate", rct2_data, __data, @@ -1656,8 +1656,8 @@ 0x8a4000, "-segprot", rct2_data, - rwx, - rwx, + rw, + rw, ); PRODUCT_BUNDLE_IDENTIFIER = website.openrct2.OpenRCT2; PRODUCT_NAME = "$(TARGET_NAME)"; diff --git a/src/hook.c b/src/hook.c index 24b4b1278c..191516d301 100644 --- a/src/hook.c +++ b/src/hook.c @@ -242,7 +242,19 @@ void addhook(int address, int newaddress, int stacksize, int registerargs[], int WriteProcessMemory(GetCurrentProcess(), (LPVOID)address, data, i, 0); #else // We own the pages with PROT_WRITE | PROT_EXEC, we can simply just memcpy the data + int err = mprotect((void *)0x401000, 0x8a4000 - 0x401000, PROT_READ | PROT_WRITE); + if (err != 0) + { + perror("mprotect"); + } + memcpy((void *)address, data, i); + + err = mprotect((void *)0x401000, 0x8a4000 - 0x401000, PROT_READ | PROT_EXEC); + if (err != 0) + { + perror("mprotect"); + } #endif // __WINDOWS__ hookfunc(hookaddress, newaddress, stacksize, registerargs, registersreturned, eaxDestinationRegister); g_hooktableoffset++; diff --git a/src/openrct2.c b/src/openrct2.c index 5fbe864219..f9b55dd7e6 100644 --- a/src/openrct2.c +++ b/src/openrct2.c @@ -548,7 +548,7 @@ bool openrct2_setup_rct2_segment() log_error("At least one of required pages was not found in memory. This can cause segfaults later on."); } // section: text - err = mprotect((void *)0x401000, 0x8a4000 - 0x401000, PROT_READ | PROT_WRITE | PROT_EXEC); + err = mprotect((void *)0x401000, 0x8a4000 - 0x401000, PROT_READ | PROT_EXEC); if (err != 0) { perror("mprotect");