Subject: Re: Non executable mappings and compatibility options bugs
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 06/21/2004 21:26:42

On Mon, Jun 21, 2004 at 09:55:17AM -0400, Thor Lancelot Simon wrote:
> On Sun, Jun 20, 2004 at 10:55:23AM -0700, Chuck Silvers wrote:
> >
> > it would be safest to default to making everything executable for other
> > emulations until it can be verified that those binaries work ok with
> > non-executable mappings.  this seems fine to me.
>
> I strongly disagree; this would be a regression, with no warning to the
> user, in system security.  Adding a COMPAT_ option shouldn't punch a giant
> hole in a fundamental security mechanism.

How is this a regression? My understanding of the discussion is we would
disable non-exec mappings only for the emulations where the original OS
didn't do non-exec. My understanding of the reason for the discussion is
that some OSs, Linux/PPC for one, seem to depend on being able to exec
mappings we mark as non-exec. Thus we're imposing a restriction the OS
didn't, and breaking programs in the process.

So we either have programs that don't work, or programs that are as secure
as they were. I don't see how that is a regression. Yes, it is less
security than our current applications have, but that strikes me as a
reason to not use emulated programs, not a reason to break them.

I think it'd be a good idea to have a per-emulation sysctl, so we can tune
this behavior.

I think it would also be appropriate to note that emulations operate with
less security than native apps.

Take care,

Bill
