Compiling PAX support in Xen dom0+domU

To: port-xen <port-xen%NetBSD.org@localhost>
Subject: Compiling PAX support in Xen dom0+domU
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Thu, 17 Dec 2009 00:41:26 +0100

Dear lists,

Would anyone object if PaX support (ASLR and mprotect) is compiled in bydefault for Xen dom0 and domU? This would bring the Xen kernels closerto what native x86 provide in terms of exploit mitigation.

Kernels will get bigger by ~4k. sysctl, paxctl(8) usage would be theexact same as for native i386 and amd64.


See security(8) if you want to know what PaX is.

Cheers,

--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

Follow-Ups:
- Re: Compiling PAX support in Xen dom0+domU
  - From: Manuel Bouyer

Prev by Date: Re: sysinst split project - The Configuration File
Next by Date: Re: common configuration format (was Re: sysinst split project - The Configuration File)
Previous by Thread: has anyone besides me tried to build any evbmips kernels lately?
Next by Thread: Re: Compiling PAX support in Xen dom0+domU
Indexes:

Home | Main Index | Thread Index | Old Index