[src/trunk]: src/sys/arch/amd64/conf Turn on MPROTECT on GENERIC and both MPR...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/ef78626cf4b0
branches:  trunk
changeset: 345252:ef78626cf4b0
user:      christos <christos%NetBSD.org@localhost>
date:      Sat May 14 17:11:30 2016 +0000

description:
Turn on MPROTECT on GENERIC and both MPROTECT and ASLR on XEN*

diffstat:

 sys/arch/amd64/conf/GENERIC   |  6 +++---
 sys/arch/amd64/conf/XEN3_DOM0 |  6 +++---
 sys/arch/amd64/conf/XEN3_DOMU |  6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diffs (66 lines):

diff -r 2e05625da743 -r ef78626cf4b0 sys/arch/amd64/conf/GENERIC
--- a/sys/arch/amd64/conf/GENERIC       Sat May 14 17:04:09 2016 +0000
+++ b/sys/arch/amd64/conf/GENERIC       Sat May 14 17:11:30 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.432 2016/05/01 10:21:01 nonaka Exp $
+# $NetBSD: GENERIC,v 1.433 2016/05/14 17:11:30 christos Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident                 "GENERIC-$Revision: 1.432 $"
+#ident                 "GENERIC-$Revision: 1.433 $"
 
 maxusers       64              # estimated number of users
 
@@ -1319,6 +1319,6 @@
 
 options        PAX_ASLR_DEBUG=1        # PaX ASLR debug
 options        PAX_SEGVGUARD=0         # PaX Segmentation fault guard
-options        PAX_MPROTECT=0          # PaX mprotect(2) restrictions
+options        PAX_MPROTECT=1          # PaX mprotect(2) restrictions
 options        PAX_MPROTECT_DEBUG=1    # PaX mprotect debug
 options        PAX_ASLR=1              # PaX Address Space Layout Randomization
diff -r 2e05625da743 -r ef78626cf4b0 sys/arch/amd64/conf/XEN3_DOM0
--- a/sys/arch/amd64/conf/XEN3_DOM0     Sat May 14 17:04:09 2016 +0000
+++ b/sys/arch/amd64/conf/XEN3_DOM0     Sat May 14 17:11:30 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOM0,v 1.118 2016/05/01 10:21:01 nonaka Exp $
+# $NetBSD: XEN3_DOM0,v 1.119 2016/05/14 17:11:30 christos Exp $
 
 include        "arch/amd64/conf/std.xen"
 
@@ -854,8 +854,8 @@
 pseudo-device  xvif
 pseudo-device  xbdback
 
-options        PAX_MPROTECT=0          # PaX mprotect(2) restrictions
-options        PAX_ASLR=0              # PaX Address Space Layout Randomization
+options        PAX_MPROTECT=1          # PaX mprotect(2) restrictions
+options        PAX_ASLR=1              # PaX Address Space Layout Randomization
 
 # Atheros HAL options
 include "external/isc/atheros_hal/conf/std.ath_hal"
diff -r 2e05625da743 -r ef78626cf4b0 sys/arch/amd64/conf/XEN3_DOMU
--- a/sys/arch/amd64/conf/XEN3_DOMU     Sat May 14 17:04:09 2016 +0000
+++ b/sys/arch/amd64/conf/XEN3_DOMU     Sat May 14 17:11:30 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOMU,v 1.64 2015/11/10 13:01:41 tnn Exp $
+# $NetBSD: XEN3_DOMU,v 1.65 2016/05/14 17:11:30 christos Exp $
 
 include        "arch/amd64/conf/std.xen"
 
@@ -231,8 +231,8 @@
 #pseudo-device pfsync                  # PF sync if
 #pseudo-device npf                     # NPF packet filter
 
-options        PAX_MPROTECT=0          # PaX mprotect(2) restrictions
-options        PAX_ASLR=0              # PaX Address Space Layout Randomization
+options        PAX_MPROTECT=1          # PaX mprotect(2) restrictions
+options        PAX_ASLR=1              # PaX Address Space Layout Randomization
 
 # miscellaneous pseudo-devices
 pseudo-device  pty                     # pseudo-terminals