Subject: Re: Non executable mappings and compatibility options bugs
To: matthew green <mrg@eterna.com.au>
From: Erik E. Fair <fair@netbsd.org>
List: tech-security
Date: 06/22/2004 09:09:26

The point is to make sure that the user understands the risks
they're running. We now have a new statement to make:

	When you're running binaries compiled specifically for
	NetBSD, you are protected against the exploitation of a
	class of programming mistakes that can lead to system
	security issues, because the NetBSD kernel uses the system
	Memory Management Unit (MMU) to prevent code from executing
	on the CPU stack and in other places that have proven
	"unsafe" in practice.

	However, when you run a binary compiled for Linux (or fill
	in your favorite emulation here), this protection is not
	available because it causes too many Linux programs to fail
	(i.e. they depend on this unsafe capability). We suggest
	that you consider this issue carefully when you decide
	which programs to run on your system.

	We recommend that you use only programs that were specifically
	compiled for NetBSD. If your software vendor does not
	provide such support, please consider asking them for this.

The main thing I think we're disagreeing about is how loudly to
say this.

	Erik <fair@netbsd.org>