Subject: re: Importing PaX features to NetBSD
To: matthew green <>
From: Tim Rightnour <>
List: tech-security
Date: 12/18/2005 08:44:14
On 18-Dec-2005 matthew green wrote:
> you fail to understand the performance issue here.  when, eg, libc is
> not mapped at the same address as other processes, the performance hit
> is in the range of 30-40% on some platforms.  it's not about start up
> it is about the MMU being constantly trashed.

Whats the harm in providing the switch to turn it on though?  It sounds like a
reasonable not-on-by-default kind of security thing.

Speaking personally.. I don't care if we have a million security features in
the kernel, as long as I can shut the annoying ones off, and the test-for-off
code doesn't bog the kernel down.

Tim Rightnour <>
NetBSD: Free multi-architecture OS
Genecys: Open Source 3D MMORPG: