Re: Some pkgsrc/mk/pax.mk suggestions (was: Re: PaX mprotect now on for amd64)

[Jonathan Perkin <jperkin%joyent.com@localhost>]

* On 2016-07-05 at 17:53 BST, Thomas Klausner wrote:

> On Tue, Jul 05, 2016 at 04:46:15PM +0000, David Holland wrote:
> > I don't remember if I mentioned this somewhere before or only thought
> > it, but:
> > 
> > On Tue, Jul 05, 2016 at 06:39:12PM +0200, Leonardo Taccari wrote:
> >  > Add NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE to BUILD_DEFS so the
> >  > paxctl-fied binaries can be inspected via `pkg_info -Q'
> > 
> > while PAX_MPROTECT is a thing of a particular kind, ASLR is a general
> > feature and it would be better to just have NOT_ASLR_SAFE. That way we
> > don't end up with NOT_PUX_ASLR_SAFE and NOT_PEX_ASLR_SAFE and so on as
> > we discover other OSes' differing implementations but can handle them
> > under the hood.
> > 
> > then there's agc's objection to negative boolean variables, which I
> > tend to agree with; instead of
> > 
> >    NOT_PAX_MPROTECT_SAFE=yes
> > 
> > it would be nicer to have in packages
> > 
> >    PAX_MPROTECT_SAFE=no
> > 
> > and if we're going to change this it should be now and shouldn't wait :-/
> 
> But it's not a yes/no variable, it's a list of files.

Then name them PAX_MPROTECT_SKIP and PAX_ASLR_SKIP to follow
CHECK_SHLIBS_SKIP, CHECK_INTERPRETER_SKIP, etc?

-- 
Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com