Subject: Re: Importing PaX features to NetBSD
To: None <pavel.cahyna@st.mff.cuni.cz>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 12/19/2005 00:40:52
Pavel Cahyna wrote:

> Fine. If you implement this, can you please make the decision controllable
> per-process, rather than per-system? E.g. with some proc.<pid>.xxx
> sysctl. Because if any such optimization appears, it will make sense to
> enable randomization for processes where exec time is not a bottleneck and
> are exposed to attacks (like sshd, bind, or setuid executables) but disable
> it for other processes.

Sure. PaX already does something similar using its own ELF program
header to store related flags; I'll look into doing the same for
NetBSD.

-e.

-- 
Elad Efrat
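
The per-binary marking mentioned in the reply, sketched as an added example (not part of the original message, and not PaX or NetBSD code): it reads the PT_PAX_FLAGS program header from an ELF64 little-endian image and decodes the enable/disable bit pairs. The constants follow the PaX patch for Linux; `sample_image` is a hypothetical helper that builds a constructed test image.

```python
import struct

PT_LOOS = 0x60000000
PT_PAX_FLAGS = PT_LOOS + 0x5041580  # p_type of the PaX flags header (Linux PaX patch)

# feature -> (enable bit, disable bit) within p_flags, as defined by the PaX patch
PAX_BITS = {
    "PAGEEXEC": (1 << 4, 1 << 5), "SEGMEXEC": (1 << 6, 1 << 7),
    "MPROTECT": (1 << 8, 1 << 9), "RANDEXEC": (1 << 10, 1 << 11),
    "EMUTRAMP": (1 << 12, 1 << 13), "RANDMMAP": (1 << 14, 1 << 15),
}

def decode(p_flags):
    """Map each feature to 'on', 'off', 'default' (neither bit) or 'conflict' (both)."""
    out = {}
    for name, (on, off) in PAX_BITS.items():
        if p_flags & on and p_flags & off:
            out[name] = "conflict"
        elif p_flags & on:
            out[name] = "on"
        else:
            out[name] = "off" if p_flags & off else "default"
    return out

def pax_flags(image):
    """Return the decoded flags, or None when the image has no PT_PAX_FLAGS header."""
    if len(image) < 64 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only ELF64 little-endian is handled in this sketch")
    (e_phoff,) = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 8 > len(image):
            raise ValueError("program header table is truncated")
        p_type, p_flags = struct.unpack_from("<II", image, off)  # Elf64_Phdr starts with these
        if p_type == PT_PAX_FLAGS:
            return decode(p_flags)
    return None

def sample_image(flags=None):
    """Constructed ELF64 image: one PT_LOAD, plus a PT_PAX_FLAGS header if flags is given."""
    phdrs = [struct.pack("<IIQQQQQQ", 1, 5, 0, 0, 0, 0, 0, 0x1000)]
    if flags is not None:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_PAX_FLAGS, flags, 0, 0, 0, 0, 0, 8))
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)

if __name__ == "__main__":
    print(pax_flags(sample_image((1 << 14) | (1 << 9))))
```
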