[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Compiling PAX support in Xen dom0+domU
Would anyone object if PaX support (ASLR and mprotect) is compiled in by
default for Xen dom0 and domU? This would bring the Xen kernels closer
to what native x86 provide in terms of exploit mitigation.
Kernels will get bigger by ~4k. sysctl, paxctl(8) usage would be the
exact same as for native i386 and amd64.
See security(8) if you want to know what PaX is.
Main Index |
Thread Index |