Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Compiling PAX support in Xen dom0+domU

Dear lists,

Would anyone object if PaX support (ASLR and mprotect) is compiled in by default for Xen dom0 and domU? This would bring the Xen kernels closer to what native x86 provide in terms of exploit mitigation.

Kernels will get bigger by ~4k. sysctl, paxctl(8) usage would be the exact same as for native i386 and amd64.

See security(8) if you want to know what PaX is.


Jean-Yves Migeon

Home | Main Index | Thread Index | Old Index