On Jun 24, 2004, at 1:58 AM, Alan Barrett wrote:
> How does the following compromise sound?
>
>         shlibs must be in files that have "r" permission.
>         shlibs must be on file systems that honour "x" permission
>                 (that is, were not mounted with the noexec option).

Now that we have noexec permissions on pages (for some architectures),
make the mapping of vnode backed pages with PROT_EXEC only be allowed
on filesystems that were not mounted with noexec.  Otherwise,
mmap/uvm_map/mprotect will return EPERM for the mapping operation.

-- 
Matt Thomas                     email: matt@3am-software.com
3am Software Foundry              www: http://3am-software.com/bio/matt/
Cupertino, CA              disclaimer: I avow all knowledge of this 
message.