Hello,
In 60.html I read the following paragraph:

"W^X is now strictly enforced by default; a program can only violate it if the executable is marked with PT_OPENBSD_WXNEEDED and is located on a filesystem mounted with the wxallowed mount(8) option. Because there are still too many ports which violate W^X, the installer mounts the /usr/local filesystem with wxallowed. This allows the base system to be more secure as long as /usr/local is a separate filesystem. If you use no W^X violating programs, consider manually revoking that option."

The use of PT_OPENBSD_WXNEEDED was added after the freeze of 6.0.

I checked the W^X behaviour by installing a 6.0 release from amd64/install60.iso, and when sbcl (a binary which I know does a W^X violation when started) is started, it gets reported in dmesg but isn't killed. So, wxneeded isn't used.

The paragraph in 60.html should only mention the wxallowed flag on a mountpoint.

Kind regards
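
The two conditions named in the quoted 60.html paragraph, written as a check over a binary image and one line of mount(8) output. This is an added example, not part of the original message or of OpenBSD's own code; the function names, the sample ELF image and the sample mount lines are constructed for illustration, and the PT_OPENBSD_WXNEEDED value is the one defined in OpenBSD's sys/exec_elf.h.

```python
import struct

PT_LOAD = 1
PT_OPENBSD_WXNEEDED = 0x65A3DBE7           # from OpenBSD's <sys/exec_elf.h>
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, little-endian

def program_header_types(image):
    """Return p_type of every program header in a 64-bit little-endian ELF."""
    if len(image) < EHDR.size:
        raise ValueError("truncated ELF header")
    f = EHDR.unpack_from(image, 0)
    ident, phoff, phentsize, phnum = f[0], f[5], f[9], f[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    if phentsize < PHDR.size or phoff + phentsize * phnum > len(image):
        raise ValueError("program header table out of bounds")
    return [PHDR.unpack_from(image, phoff + i * phentsize)[0]
            for i in range(phnum)]

def mount_has_wxallowed(mount_line):
    """True if the option list of one mount(8) output line has wxallowed."""
    if "(" not in mount_line:
        return False
    opts = mount_line.rpartition("(")[2].split(")")[0]
    return "wxallowed" in (o.strip() for o in opts.split(","))

def may_violate_wx(image, mount_line):
    """Policy as worded in the quoted paragraph: both conditions must hold."""
    marked = PT_OPENBSD_WXNEEDED in program_header_types(image)
    return marked and mount_has_wxallowed(mount_line)

def build_sample_elf(ptypes):
    """Constructed input: an ELF header followed by bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, 2, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(ptypes), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)

# Constructed mount(8) output lines (device names are placeholders).
SAMPLE_WXALLOWED = "/dev/sd0h on /usr/local type ffs (local, nodev, wxallowed)"
SAMPLE_PLAIN = "/dev/sd0d on /usr type ffs (local, nodev)"

if __name__ == "__main__":
    marked = build_sample_elf([PT_LOAD, PT_OPENBSD_WXNEEDED])
    for line in (SAMPLE_WXALLOWED, SAMPLE_PLAIN):
        print(line, "->", may_violate_wx(marked, line))
```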
