[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: NetBSD + ASLR
I'm confused. Is this feature only in the HEAD branch? I installed 5.0.1, and I have the man pages. I also have the following in my kernel config
michael# config -x ./netbsd | grep ASLR
options PAX_ASLR=0 # PaX Address Space Layout Randomization
but I get this from sysctl
michael# sysctl -a | grep security
security.curtain = 0
security.models.bsd44.name = Traditional NetBSD (4.4BSD)
security.models.bsd44.securelevel = -1
security.models.bsd44.curtain = 0
see, something is missing. Is it because I'm not using -current?
On Fri, Jul 18, 2008 at 5:41 PM, Jukka Ruohonen <jukka.ruohonen%iki.fi@localhost>
On Fri, Jul 18, 2008 at 05:58:14PM -0400, Christos Zoulas wrote:Few words about personal experiences.
> You can build everything PIE if you set MKPIE=yes in /etc/mk.conf.
> Note that I have not built a complete PIE system, or turned on
> security.pax.aslr.global. If you do that you are on your own :-)
I haven't tried building a system with MKPIE=yes lately because it was
broken a long time somewhere in the path of 4.99.x. Compared to this,
USE_SSP=yes has been much more stable.
But I have used security.pax.aslr.global ever since it was introduced. As
long as I remember to temporarily turn it off when compiling something,
everything is fine and haven't noticed any stability or performance impacts
Main Index |
Thread Index |