Subject: Re: Non executable mappings and compatibility options bugs
To: None <>
From: Jonathan Stone <>
List: tech-security
Date: 06/21/2004 11:34:32
In message <>Thor Lancelot Simon writes
>On Sun, Jun 20, 2004 at 10:55:23AM -0700, Chuck Silvers wrote:
>> it would be safest to default to making everything executable for other
>> emulations until it can be verified that those binaries work ok with
>> non-executable mappings.  this seems fine to me.
>I strongly disagree; this would be a regression, with no warning to the
>user, in system security.  Adding a COMPAT_ option shouldn't punch a giant
>hole in a fundamental security mechanism.

Very true.  Emphatically true.

OTOH, security mechanisms shouldn't break emuls willy-nilly, for
people who need the emuls and who can live with reduced security. For,
say, machines dedicated to running commercial non-NetBSD apps under

If a global sysctl which enables the `old' behaviour for all
(preferably all non-NetBSD) emuls will work, that seems a reasonable
compromise.  (Until all the OSes being emulated fix all their mmap()s.)