On 05/15/16 10:22, David Brownlee wrote:
> On 14 May 2016 at 18:09, Christos Zoulas <christos%zoulas.com@localhost> wrote:
>> I just turned on mprotect for amd64. The following sysctls have been
>> set to 1
>>
>>     security.pax.mprotect.enable=1
>>     security.pax.mprotect.global=1
>> [...]
>> This breaks programs that need to map segments both writable and
>> executable, for example java. To fix them you can:
>>
>>     paxctl +m /path/to/bin/java
>> [...]
>
> Would it make sense to (possibly optionally) integrate this into
> pkgsrc builds for at least java? (the paxctl +m call)

I wrote this mini-framework for paxctl(8) in pkgsrc:
http://git.edgebsd.org/gitweb/?p=edgebsd-pkgsrc.git;a=commitdiff;h=f1354300f9d734202bd0ce49b33d74f455aea9e1
and addressed some concerns there:
http://git.edgebsd.org/gitweb/?p=edgebsd-pkgsrc.git;a=commitdiff;h=4ed2e62c4e7416abbf6eba9887cdc5e2c6997c67

Let me know if I should import it, or about any concerns.

Cheers,
-- 
khorben
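
A small probe for the restriction discussed in this thread, added here as an example and not part of any of the messages or of pkgsrc: it reports whether the running process may obtain writable-and-executable memory, either in one mmap call or through a write-then-execute mprotect flip. The function and enum names are made up for this example, and counting either a refused mmap or a refused mprotect as "denied" is an assumption about how the policy surfaces.

```c
#define _DEFAULT_SOURCE          /* exposes MAP_ANON on glibc; harmless elsewhere */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Result codes shared by both probes (names are hypothetical). */
enum wx_result { WX_ERROR = -1, WX_DENIED = 0, WX_ALLOWED = 1 };

/* Probe 1: request a writable+executable anonymous mapping in one call, then
 * re-assert the same protection. A kernel may refuse the mmap outright or
 * grant a reduced mapping; a refusal at either step is reported as denial. */
static int probe_wx_mmap(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return WX_DENIED;
    int rc = mprotect(p, len, PROT_READ | PROT_WRITE | PROT_EXEC);
    munmap(p, len);
    return rc == 0 ? WX_ALLOWED : WX_DENIED;
}

/* Probe 2: the JIT-style sequence: map writable, fill the page, then ask for
 * it to become executable. The page holds zeros only and is never executed. */
static int probe_w_then_x(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return WX_ERROR;         /* even a plain RW mapping failed */
    memset(p, 0, len);
    int rc = mprotect(p, len, PROT_READ | PROT_EXEC);
    munmap(p, len);
    return rc == 0 ? WX_ALLOWED : WX_DENIED;
}

int main(void)
{
    static const char *label[] = { "denied", "allowed" };
    int a = probe_wx_mmap(), b = probe_w_then_x();
    printf("W|X in one mmap:      %s\n", a < 0 ? "error" : label[a]);
    printf("W then X via mprotect: %s\n", b < 0 ? "error" : label[b]);
    return (a < 0 || b < 0) ? 1 : 0;
}
```

Running the compiled binary before and after applying `paxctl +m` to it shows whether the exemption took effect for that executable.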