Subject: Re: Non executable mappings and compatibility options bugs
To: Thor Lancelot Simon <>
From: Bill Studenmund <>
List: tech-security
Date: 06/21/2004 21:26:42

On Mon, Jun 21, 2004 at 09:55:17AM -0400, Thor Lancelot Simon wrote:
> On Sun, Jun 20, 2004 at 10:55:23AM -0700, Chuck Silvers wrote:
> >
> > it would be safest to default to making everything executable for other
> > emulations until it can be verified that those binaries work ok with
> > non-executable mappings.  this seems fine to me.
> I strongly disagree; this would be a regression, with no warning to the
> user, in system security.  Adding a COMPAT_ option shouldn't punch a giant
> hole in a fundamental security mechanism.

How is this a regression? My understanding of the discussion is we would
disable non-exec mappings only for the emulations where the original OS
didn't do non-exec. My understanding of the reason for the discussion is
that some OSs, Linux/PPC for one, seem to depend on being able to exec
mappings we mark as non-exec. Thus we're imposing a restriction the OS
didn't, and breaking programs in the process.

So we either have programs that don't work, or programs that are as secure
as they were. I don't see how that is a regression. Yes, it is less
security than our current applications have, but that strikes me as a
reason to not use emulated programs, not a reason to break them.

I think it'd be a good idea to have a per-emulation sysctl, so we can tune
this behavior.

I think it would also be appropriate to note that emulations operate with
less security than native apps.

Take care,

