Subject: Re: Non executable mappings and compatibility options bugs
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Erik E. Fair <fair@netbsd.org>
List: tech-kern
Date: 06/22/2004 17:23:18
Sometimes it's not even a matter of security - I remember all the 
screaming when deferencing address zero stopped working on newer UNIX 
systems of the day, and that broke a whole lot of (badly written) 
software. Incremental improvements in practice are still a good thing.

Since software from our own source tree is unaffected (or has been 
cleaned up already), it seems to me that the explicit enforcement of 
execution permissions needs to be a per-emulation flag, and that in 
our kernel configurations, those emulations that require the 
enforcement off should themselves be commented out by default with a 
clear notation of the security threat that they pose. We can change 
each emulation's flag and "commented out" status when they clean up 
their acts (presuming they ever will; emulations of EOL'd operating 
systems will just have to endure whatever state they turn out to be 
in).

This keeps us "default secure" which I presume is still our project 
policy. People will grumble, I'm sure, but better that than to end up 
singing "mea culpa" when systems running NetBSD get compromised in 
the field.

	Erik <fair@netbsd.org>