tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Some pkgsrc/mk/pax.mk suggestions (was: Re: PaX mprotect now on for amd64)
I don't remember if I mentioned this somewhere before or only thought
it, but:
On Tue, Jul 05, 2016 at 06:39:12PM +0200, Leonardo Taccari wrote:
> Add NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE to BUILD_DEFS so the
> paxctl-fied binaries can be inspected via `pkg_info -Q'
while PAX_MPROTECT is a thing of a particular kind, ASLR is a general
feature and it would be better to just have NOT_ASLR_SAFE. That way we
don't end up with NOT_PUX_ASLR_SAFE and NOT_PEX_ASLR_SAFE and so on as
we discover other OSes' differing implementations but can handle them
under the hood.
then there's agc's objection to negative boolean variables, which I
tend to agree with; instead of
NOT_PAX_MPROTECT_SAFE=yes
it would be nicer to have in packages
PAX_MPROTECT_SAFE=no
and if we're going to change this it should be now and shouldn't wait :-/
--
David A. Holland
dholland%netbsd.org@localhost
Home |
Main Index |
Thread Index |
Old Index