Re: PaX mprotect now on for amd64

To: Christos Zoulas <christos%zoulas.com@localhost>
Subject: Re: PaX mprotect now on for amd64
From: David Brownlee <abs%absd.org@localhost>
Date: Sun, 15 May 2016 09:22:15 +0100

On 14 May 2016 at 18:09, Christos Zoulas <christos%zoulas.com@localhost> wrote:
>
> Hi,
>
> I just turned on mprotect for amd64. The following sysctls have
> been set to 1
>
>     security.pax.mprotect.enable=1
>     security.pax.mprotect.global=1
>
> If you want to see what processes hit this you can:
>
>     security.pax.mprotect.debug=1
>
> This breaks programs that need to map segments both writable and executable,
> for example java. To fix them you can:
>
> paxctl +m /path/to/bin/java

Very nice :)

Would it make sense to (possibly optionally) integrate this into
pkgsrc builds for at least java? (the paxctl +m call)

Follow-Ups:
- Re: PaX mprotect now on for amd64
  - From: Pierre Pronchery
- Re: PaX mprotect now on for amd64
  - From: Kamil Rytarowski

References:
- PaX mprotect now on for amd64
  - From: Christos Zoulas

Prev by Date: daily CVS update output
Next by Date: Re: PaX mprotect now on for amd64
Previous by Thread: PaX mprotect now on for amd64
Next by Thread: Re: PaX mprotect now on for amd64
Indexes:

Home | Main Index | Thread Index | Old Index