On Tue, Jul 05, 2016 at 04:46:15PM +0000, David Holland wrote: > I don't remember if I mentioned this somewhere before or only thought > it, but: > > On Tue, Jul 05, 2016 at 06:39:12PM +0200, Leonardo Taccari wrote: > > Add NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE to BUILD_DEFS so the > > paxctl-fied binaries can be inspected via `pkg_info -Q' > > while PAX_MPROTECT is a thing of a particular kind, ASLR is a general > feature and it would be better to just have NOT_ASLR_SAFE. That way we > don't end up with NOT_PUX_ASLR_SAFE and NOT_PEX_ASLR_SAFE and so on as > we discover other OSes' differing implementations but can handle them > under the hood. > > then there's agc's objection to negative boolean variables, which I > tend to agree with; instead of > > NOT_PAX_MPROTECT_SAFE=yes > > it would be nicer to have in packages > > PAX_MPROTECT_SAFE=no > > and if we're going to change this it should be now and shouldn't wait :-/
But it's not a yes/no variable, it's a list of files. Thomas
