Subject: Re: more on non-executable mappings vs. emulations
To: Christos Zoulas <christos@zoulas.com>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-kern
Date: 07/18/2004 21:56:29
>> I agree that we should not make kernels insecure by default in order
>> to please broken emulations. On the other hand, we should document
>> and explain why emulations break and provide a sysctl to let broken
>> emulated programs run until we supply the tools you mention above.
>> This sysctl should default to "off" and users should be strongly
>> cautioned against turning it "on".

> well, the tools will be much easier to write than the sysctl, so I'm only
> going to do the tools.  I'd prefer that the sysctl thing never actually be
> done, since it opens a big can of worms.

On the other hand, the sysctl is the right fix. The patching program has
several drawbacks.

What if we want to run a binary from a R/O media? We can union mount
something on the top of it to use the modified binary, but it does not
sound very appealing.

What if we ever encounter a binary that checks its own sum?

What if we encounter a binary that really wants an executable stack (or
heap)? 

The latter problem is not specific to emulations and should probably be
addressed system-wide. After all, while it's a major security
improvement, no standard document said the stack and heap should be non
executable. 

For those reasons, a sysctl in the proc subtree seems useful. Is it
really hard to implement? We could have a p_flag about non-executable
mappings. In how many places would we have to check for it?

-- 
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand
binary and those who do not.
manu@netbsd.org