I am studying for exam tomorrow and I ran across this question: After we

Question

0

Editorial Team

Asked: June 4, 20262026-06-04T10:27:25+00:00 2026-06-04T10:27:25+00:00

I am studying for exam tomorrow and I ran across this question: After we

0

I am studying for exam tomorrow and I ran across this question:

After we run an executable with strace the following syscalls result regarding standard C lib:

open(“/lib/libc.so.6”, “O_RDONLY”) = 3
mmap(NULL, 36803630, PROT_READ | PROT_EXEC, MAP_PRIVATE | MAP_DENYWRITE, 3, 0) =
0x7f312ab35000
mmap(0x7f312aeae000, 20480, PROT_READ | PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x179000) = 0x7f312aeae000

The question is why does the first syscall of mmap uses PROT_READ|PROT_EXEC and the second one PROT_READ|PROT_WRITE.

Please explain me what happens after each mmap call in detail. I don’t understand why a process would need to modify libc (write access).

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T10:27:28+00:00

Editorial Team

2026-06-04T10:27:28+00:00Added an answer on June 4, 2026 at 10:27 am

The maps are private (MAP_PRIVATE), so nothing is modifying libc.so; instead, it’s modifying a private (to the process) copy of pages mapped from libc.so. This will include the data segment (global variables in libc) as well as the Global Offset Table (GOT) and perhaps other structures involved in relocating the library to a particular address at runtime.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am studying for exam tomorrow and I ran across this question: After we

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply