Subject: Re: Non executable mappings and compatibility options bugs
To: None <firstname.lastname@example.org>
From: Jonathan Stone <email@example.com>
Date: 06/21/2004 11:34:32
In message <20040621135517.GA3179@panix.com>Thor Lancelot Simon writes
>On Sun, Jun 20, 2004 at 10:55:23AM -0700, Chuck Silvers wrote:
>> it would be safest to default to making everything executable for other
>> emulations until it can be verified that those binaries work ok with
>> non-executable mappings. this seems fine to me.
>I strongly disagree; this would be a regression, with no warning to the
>user, in system security. Adding a COMPAT_ option shouldn't punch a giant
>hole in a fundamental security mechanism.
Very true. Emphatically true.
OTOH, security mechanisms shouldn't break emuls willy-nilly, for
people who need the emuls and who can live with reduced security. For,
say, machines dedicated to running commercial non-NetBSD apps under
If a global sysctl which enables the `old' behaviour for all
(preferably all non-NetBSD) emuls will work, that seems a reasonable
compromise. (Until all the OSes being emulated fix all their mmap()s.)