tech-pkg archive


Re: Some pkgsrc/mk/pax.mk suggestions (was: Re: PaX mprotect now on for amd64)



I don't remember if I mentioned this somewhere before or only thought
it, but:

On Tue, Jul 05, 2016 at 06:39:12PM +0200, Leonardo Taccari wrote:
 > Add NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE to BUILD_DEFS so the
 > paxctl-fied binaries can be inspected via `pkg_info -Q'

while PAX_MPROTECT is a thing of a particular kind, ASLR is a general
feature and it would be better to just have NOT_ASLR_SAFE. That way we
don't end up with NOT_PUX_ASLR_SAFE and NOT_PEX_ASLR_SAFE and so on as
we discover other OSes' differing implementations but can handle them
under the hood.

then there's agc's objection to negative boolean variables, which I
tend to agree with; instead of

   NOT_PAX_MPROTECT_SAFE=yes

it would be nicer to have in packages

   PAX_MPROTECT_SAFE=no

and if we're going to change this it should be now and shouldn't wait :-/

-- 
David A. Holland
dholland%netbsd.org@localhost

