Subject: CVS commit: src
To: None <source-changes@NetBSD.org>
From: Elad Efrat <elad@netbsd.org>
List: source-changes
Date: 05/16/2006 00:08:25
Module Name:	src
Committed By:	elad
Date:		Tue May 16 00:08:25 UTC 2006

Modified Files:
	src/distrib/sets/lists/base: mi
	src/distrib/sets/lists/man: mi
	src/lib/libc/gen: sysctl.3
	src/sbin/sysctl: sysctl.8
	src/share/man/man4: options.4
	src/sys/conf: files
	src/sys/kern: exec_elf32.c
	src/sys/sys: exec_elf.h proc.h
	src/sys/uvm: uvm_map.c
	src/usr.bin: Makefile
Added Files:
	src/sys/kern: kern_pax.c
	src/sys/sys: pax.h
	src/usr.bin/paxctl: Makefile paxctl.1 paxctl.c

Log Message:
Introduce PaX MPROTECT -- mprotect(2) restrictions used to strengthen
W^X mappings.

Disabled by default.

First proposed in:

	http://mail-index.netbsd.org/tech-security/2005/12/18/0000.html

More information in:

	http://pax.grsecurity.net/docs/mprotect.txt

Read relevant parts of options(4) and sysctl(3) before using!

Lots of thanks to the PaX author and Matt Thomas.


To generate a diff of this commit:
cvs rdiff -r1.621 -r1.622 src/distrib/sets/lists/base/mi
cvs rdiff -r1.888 -r1.889 src/distrib/sets/lists/man/mi
cvs rdiff -r1.169 -r1.170 src/lib/libc/gen/sysctl.3
cvs rdiff -r1.144 -r1.145 src/sbin/sysctl/sysctl.8
cvs rdiff -r1.317 -r1.318 src/share/man/man4/options.4
cvs rdiff -r1.773 -r1.774 src/sys/conf/files
cvs rdiff -r1.112 -r1.113 src/sys/kern/exec_elf32.c
cvs rdiff -r0 -r1.1 src/sys/kern/kern_pax.c
cvs rdiff -r1.85 -r1.86 src/sys/sys/exec_elf.h
cvs rdiff -r0 -r1.1 src/sys/sys/pax.h
cvs rdiff -r1.221 -r1.222 src/sys/sys/proc.h
cvs rdiff -r1.223 -r1.224 src/sys/uvm/uvm_map.c
cvs rdiff -r1.150 -r1.151 src/usr.bin/Makefile
cvs rdiff -r0 -r1.1 src/usr.bin/paxctl/Makefile src/usr.bin/paxctl/paxctl.1 \
    src/usr.bin/paxctl/paxctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.