NOT_PAX_ASLR_SAFE (was: Re: PaX mprotect now on for amd64)

To: current-users%netbsd.org@localhost, tech-pkg%netbsd.org@localhost
Subject: NOT_PAX_ASLR_SAFE (was: Re: PaX mprotect now on for amd64)
From: David Holland <dholland-current%netbsd.org@localhost>
Date: Sat, 28 May 2016 19:53:18 +0000

On Sun, May 22, 2016 at 04:44:08PM +0200, Thomas Klausner wrote:
 > > I wrote this mini-framework for paxctl(8) in pkgsrc:
 > > [...]
 > 
 > I don't like the variable names, since they do not provide a hint that
 > they are lists of file names, but I don't have a concrete better
 > proposal.

Neither does e.g. REPLACE_PYTHON; we've gotten used to that, but these
are new and will appear much less frequently.

What about

   ASLR_DISABLE_EXECUTABLES
   W_X_DISABLE_EXECUTABLES

?

PaX is not the only framework implementing these features and programs
will (in general) be incompatible with any implementation.

(For the same reason I'd say that rather than including pax.mk this
logic should be put somewhere such that it's available by default.)


(followups to tech-pkg)
-- 
David A. Holland
dholland%netbsd.org@localhost

References:
- PaX mprotect now on for amd64
  - From: Christos Zoulas
- Re: PaX mprotect now on for amd64
  - From: David Brownlee
- Re: PaX mprotect now on for amd64
  - From: Pierre Pronchery
- Re: PaX mprotect now on for amd64
  - From: Thomas Klausner

Prev by Date: Re: panic on boot
Next by Date: daily CVS update output
Previous by Thread: Re: PaX mprotect now on for amd64
Next by Thread: Some pkgsrc/mk/pax.mk suggestions (was: Re: PaX mprotect now on for amd64)
Indexes:

Home | Main Index | Thread Index | Old Index