Subject: Re: segvguard [was: Re: CVS commit: src/sys/sys]
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 11/30/2006 22:55:28

> PaX Segvguard makes use of kernel memory, so use it wisely. While
> it provides rate-limiting protections, it works on a per-program
> basis for keeping its records, meaning that irresponsible use may
> result in keeping track of all segfaults in the system, easily
> wasting all kernel memory.

are you talking about pax_segvguard_entry etc?

> For this reason, it is highly recommended to have PaX Segvguard
> enabled explicitly only for network services etc. Enabling PaX
> Segvguard explicitly works like this:
>
> # paxctl +G /usr/sbin/sshd
>
> Explicitly disabling PaX Segvguard can be done like this:
>
> # paxctl +g /bin/ls

why do you want to disable it?
i.e. why do you want to use two bits in PF_MASKOS?

YAMAMOTO Takashi