Subject: Re: Non executable mappings and compatibility options bugs
To: Andrew Brown <email@example.com>
From: Manuel Bouyer <firstname.lastname@example.org>
Date: 06/23/2004 18:02:44
On Wed, Jun 23, 2004 at 11:18:22AM -0400, Andrew Brown wrote:
> On Wed, Jun 23, 2004 at 11:45:43AM +0200, Manuel Bouyer wrote:
> >On Tue, Jun 22, 2004 at 05:23:18PM -0700, Erik E. Fair wrote:
> >> Sometimes it's not even a matter of security - I remember all the
> >> screaming when deferencing address zero stopped working on newer UNIX
> >> systems of the day, and that broke a whole lot of (badly written)
> >> software. Incremental improvements in practice are still a good thing.
> >> Since software from our own source tree is unaffected (or has been
> >> cleaned up already), it seems to me that the explicit enforcement of
> >> execution permissions needs to be a per-emulation flag, and that in
> >> our kernel configurations, those emulations that require the
> >> enforcement off should themselves be commented out by default with a
> >> clear notation of the security threat that they pose. We can change
> >> each emulation's flag and "commented out" status when they clean up
> >> their acts (presuming they ever will; emulations of EOL'd operating
> >> systems will just have to endure whatever state they turn out to be
> >> in).
> >I don't think having the emulations commented out by default is a big deal,
> >as we also provide LKMs, and there is LKM support in the GENERIC kernels.
> >We'd just have to add to the release notes that emulation support now is not
> >enabled by default, and you have to uncomment them in /etc/lkm.conf to use
> >them (along with the security warnings about non-exec stack).
> oh, and don't forget to add something that tells the user they need to
> rebuild all the lkms if they build their own kernel with any of:
If they build their own kernel, they can also add the right COMPAT_xxx
Manuel Bouyer <email@example.com>
NetBSD: 26 ans d'experience feront toujours la difference