[$] Enabling non-executable memfds

Post Syndicated from original https://lwn.net/Articles/918106/

The memfd interface is a bit of a strange and Linux-specific beast; it was
initially created to support the secure passing of data between cooperating
processes on a single system. It has since gained other roles, but it may
still come as a surprise to some to learn that memory regions created for
memfds, unlike almost any other data area, have the execute permission bit
set. That can facilitate attacks; this patch set from Jeff Xu proposes an
addition to the memfd API to close that hole.
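
The following check is an added example, not code from the article or from the patch set: it creates a memfd and reports the execute bits of its file mode, first with default flags and then with a non-executable request. It assumes the flag name `MFD_NOEXEC_SEAL` as found in mainline Linux since 6.3 (the page does not name the flag); the memfd name `constructed-example` is made up for the demonstration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Values as in mainline <linux/memfd.h>; MFD_NOEXEC_SEAL is not named on the page. */
#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 0x0001U
#endif
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL 0x0008U
#endif

/* Execute bits (mask 0111) of a file mode. */
static int exec_bits(mode_t mode)
{
    return (int)(mode & (S_IXUSR | S_IXGRP | S_IXOTH));
}

/* Execute bits of a new memfd's mode, or -1 if the kernel rejects the call. */
static int memfd_exec_bits(unsigned int flags)
{
    struct stat st;
    int fd = (int)syscall(SYS_memfd_create, "constructed-example",
                          flags | MFD_CLOEXEC);
    if (fd < 0)
        return -1;
    int rc = fstat(fd, &st);
    close(fd);
    return rc == 0 ? exec_bits(st.st_mode) : -1;
}

static void report(const char *label, unsigned int flags)
{
    int bits = memfd_exec_bits(flags);
    if (bits < 0)
        printf("%-16s rejected by this kernel\n", label);
    else
        printf("%-16s execute bits %04o (%s)\n", label, (unsigned)bits,
               bits ? "executable" : "non-executable");
}

int main(void)
{
    report("default flags", 0);
    report("MFD_NOEXEC_SEAL", MFD_NOEXEC_SEAL);
    return 0;
}
```

A kernel that predates the flag rejects the second call, which the program reports rather than treating as a failure.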