[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Some pkgsrc/mk/pax.mk suggestions (was: Re: PaX mprotect now on for amd64)
* On 2016-07-05 at 17:53 BST, Thomas Klausner wrote:
> On Tue, Jul 05, 2016 at 04:46:15PM +0000, David Holland wrote:
> > I don't remember if I mentioned this somewhere before or only thought
> > it, but:
> > On Tue, Jul 05, 2016 at 06:39:12PM +0200, Leonardo Taccari wrote:
> > > Add NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE to BUILD_DEFS so the
> > > paxctl-fied binaries can be inspected via `pkg_info -Q'
> > while PAX_MPROTECT is a thing of a particular kind, ASLR is a general
> > feature and it would be better to just have NOT_ASLR_SAFE. That way we
> > don't end up with NOT_PUX_ASLR_SAFE and NOT_PEX_ASLR_SAFE and so on as
> > we discover other OSes' differing implementations but can handle them
> > under the hood.
> > then there's agc's objection to negative boolean variables, which I
> > tend to agree with; instead of
> > NOT_PAX_MPROTECT_SAFE=yes
> > it would be nicer to have in packages
> > PAX_MPROTECT_SAFE=no
> > and if we're going to change this it should be now and shouldn't wait :-/
> But it's not a yes/no variable, it's a list of files.
Then name them PAX_MPROTECT_SKIP and PAX_ASLR_SKIP to follow
CHECK_SHLIBS_SKIP, CHECK_INTERPRETER_SKIP, etc?
Jonathan Perkin - Joyent, Inc. - www.joyent.com
Main Index |
Thread Index |