Subject: Re: Importing PaX features to NetBSD
To: None <>
From: Elad Efrat <>
List: tech-security
Date: 12/19/2005 00:40:52
Pavel Cahyna wrote:

> Fine. If you implement this, can you please make the decision controllable
> per-process, rather than per-system? E. g. with some proc.<pid>.xxx
> sysctl. Because if any such optimizatoon appears, it will make sense to
> enable randomization for processes where exec time is not a bottleneck and
> are exposed to attacks (like sshd, bind, or setuid executables) but disable
> it for other processes.

Sure. PaX already does something similar using its own ELF program
header to store related flags; I'll look into doing the same for


Elad Efrat