On 11/15/11, Jeremie Le Hen <jeremie_at_le-hen.org> wrote: > Hi, > > On Wed, Oct 19, 2011 at 12:37:44AM +0200, Oliver Pinter wrote: >> In NetBSD has been some PaX feature [0] implemented. (ASLR, W^X >> (~nxstack), mprotect restriction, veriexec, mmap randomization[2]...) >> >> [0] http://pax.grsecurity.net/docs/index.html >> [1] http://www.netbsd.org/~elad/recent/man/security.8.html >> [2] http://people.freebsd.org/~ssouhlal/testing/stackgap-20050527.diff > > Suleiman actually wrought two patches, one randomizing the stack (the > one you pointed out) and another one randomizing non-fixed mmap(2) > calls: > > http://people.freebsd.org/~ssouhlal/testing/mmap_random-20050528.diff > > > FYI, they do not apply cleanly on recent source trees (the patches were > made in 2005), but they can be applied with little fiddling. I'm > running multiple 8.x production machines with them without any problem. Yeah, I use thins patch in 7-STABLE and 9-STABLE too. Patch for 9-STABLE has attached. > > I've always wanted them to be committed as opt-in knobs, but I can't > remember why they hadn't at the time. > > Cheers, > -- > Jeremie Le Hen > > Men are born free and equal. Later on, they're on their own. > Jean Yanne >
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:20 UTC