Subject: Re: chroot jail for ftpd
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 10/17/2001 22:46:47
>So, I used to build run-from-ATA-flash bastion hosts like this:  all
>filesystems with executables mounted read-only, all writable filesystems
>mounted noexec, nodev.  Seemed simple and elegant, as well as secure; if
>I ran at securelevel 2, I thought I was pretty safe.
>...
>Fixing this would require not allowing executable mappings if the backing
>vnode weren't executable.  I think that this is actually unquestionably
>correct, but because the original Sun implementation didn't require it,
>we will get zillions of complaints from people who say that we "broke
>shared libraries".

what about not allowing executable mappings if the backing filesystem
doesn't allow it?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
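As an added illustration (not code from this thread or from NetBSD), here is a userland sketch of the rule proposed above: consult the mount flags of the filesystem backing the descriptor and refuse a PROT_EXEC mapping when it was mounted noexec. The policy function is separated out so it can be checked on constructed flag words; the `mmap_noexec_aware` wrapper and the audit `main` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Policy from the thread: an executable mapping is permitted only if the
 * filesystem backing the file was NOT mounted noexec.  fs_flags is the
 * f_flag word from statvfs(3); read-only, nodev etc. do not matter here. */
int exec_mapping_allowed(unsigned long fs_flags, int prot)
{
    if ((prot & PROT_EXEC) == 0)
        return 1;                         /* non-executable mappings: unaffected */
    return (fs_flags & ST_NOEXEC) == 0;   /* noexec mount => deny PROT_EXEC */
}

/* Hypothetical wrapper showing where a kernel would apply the check.
 * Anonymous mappings (fd < 0) have no backing vnode and are outside this
 * rule, as in the thread.  A real implementation applies the same policy
 * in mprotect(2) so that later permission changes see the same answer. */
void *mmap_noexec_aware(void *addr, size_t len, int prot, int flags,
                        int fd, off_t off)
{
    struct statvfs sv;
    if (fd >= 0) {
        if (fstatvfs(fd, &sv) != 0)
            return MAP_FAILED;            /* errno set by fstatvfs */
        if (!exec_mapping_allowed(sv.f_flag, prot)) {
            errno = EACCES;               /* assumed error code for a refusal */
            return MAP_FAILED;
        }
    }
    return mmap(addr, len, prot, flags, fd, off);
}

/* Audit helper: report whether an executable mapping of the given file
 * would be permitted under this policy on the running system. */
int main(int argc, char **argv)
{
    struct statvfs sv;
    const char *path = argc > 1 ? argv[1] : "/bin/sh";
    int fd = open(path, O_RDONLY);
    if (fd < 0 || fstatvfs(fd, &sv) != 0) {
        perror(path);
        return 1;
    }
    printf("%s: exec mapping %s (mount %s noexec)\n", path,
           exec_mapping_allowed(sv.f_flag, PROT_READ | PROT_EXEC) ? "allowed" : "denied",
           (sv.f_flag & ST_NOEXEC) ? "is" : "is not");
    close(fd);
    return 0;
}
```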