Subject: re: Non executable mappings and compatibility options bugs
To: Erik E. Fair <fair@netbsd.org>
From: matthew green <mrg@eterna.com.au>
List: tech-security
Date: 06/22/2004 15:58:57
   At 9:55 -0400 6/21/04, Thor Lancelot Simon wrote:
   >On Sun, Jun 20, 2004 at 10:55:23AM -0700, Chuck Silvers wrote:
   >>
   >>  it would be safest to default to making everything executable for other
   >>  emulations until it can be verified that those binaries work ok with
   >>  non-executable mappings.  this seems fine to me.
   >
   >I strongly disagree; this would be a regression, with no warning to the
   >user, in system security.  Adding a COMPAT_ option shouldn't punch a giant
   >hole in a fundamental security mechanism.
   >
   >If nothing else, both config and the kernel at boot time should print
   >warnings about this.
   
   I agree completely with what Thor wrote, with feeling. Emphasis. Exclamation.


actually, i'd call the fact that we can no longer run other binaries
a regression, not the fact that we can only run our own secure ones.


i'm all for security features, but they can't break other things in
the process.  why is it a regression to not enable a security feature
for an emulation until it's verified _not to break it_?



.mrg.