In message <20040621135517.GA3179@panix.com>Thor Lancelot Simon writes
>On Sun, Jun 20, 2004 at 10:55:23AM -0700, Chuck Silvers wrote:
>> 
>> it would be safest to default to making everything executable for other
>> emulations until it can be verified that those binaries work ok with
>> non-executable mappings.  this seems fine to me.
>
>I strongly disagree; this would be a regression, with no warning to the
>user, in system security.  Adding a COMPAT_ option shouldn't punch a giant
>hole in a fundamental security mechanism.
[...]

Very true.  Emphatically true.

OTOH, security mechanisms shouldn't break emuls willy-nilly, for
people who need the emuls and who can live with reduced security. For,
say, machines dedicated to running commercial non-NetBSD apps under
emulation.

If a global sysctl which enables the `old' behaviour for all
(preferably all non-NetBSD) emuls will work, that seems a reasonable
compromise.  (Until all the OSes being emulated fix all their mmap()s.)