[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-current-users
Subject:    NOT_PAX_ASLR_SAFE (was: Re: PaX mprotect now on for amd64)
From:       David Holland <dholland-current () netbsd ! org>
Date:       2016-05-28 19:53:18
Message-ID: 20160528195318.GA12715 () netbsd ! org
[Download RAW message or body]

On Sun, May 22, 2016 at 04:44:08PM +0200, Thomas Klausner wrote:
 > > I wrote this mini-framework for paxctl(8) in pkgsrc:
 > > [...]
 > 
 > I don't like the variable names, since they do not provide a hint that
 > they are lists of file names, but I don't have a concrete better
 > proposal.

Neither does e.g. REPLACE_PYTHON; we've gotten used to that, but these
are new and will appear much less frequently.

What about

   ASLR_DISABLE_EXECUTABLES
   W_X_DISABLE_EXECUTABLES

?

PaX is not the only framework implementing these features and programs
will (in general) be incompatible with any implementation.

(For the same reason I'd say that rather than including pax.mk this
logic should be put somewhere such that it's available by default.)


(followups to tech-pkg)
-- 
David A. Holland
dholland@netbsd.org
[prev in list] [next in list] [prev in thread] [next in thread]