Subject: Re: segvguard [was: Re: CVS commit: src/sys/sys]
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <email@example.com>
Date: 11/30/2006 22:55:28
> PaX Segvguard makes use of kernel memory, so use it wisely. While
> it provides rate-limiting protections, it works on a per-program
> basis for keeping its records, meaning that irresponsible use may
> result in keeping track of all segfaults in the system, easily
> wasting all kernel memory.
are you talking about pax_segvguard_entry etc?
> For this reason, it is highly recommended to have PaX Segvguard
> enabled explicitly only for network services etc. Enabling PaX
> Segvguard explicitly works like this:
> # paxctl +G /usr/sbin/sshd
> Explicitly disabling PaX Segvguard can be done like this:
> # paxctl +g /bin/ls
why do you want to disable it?
ie. why do you want to use two bits in PF_MASKOS?