On Mon, 11 Jan 2021 at 19:34, John Baldwin <[email protected]> wrote:
>
> To be clear though, this doesn't set the default to enforcing W^X, it just
> adds a knob that can be set to enforce that on most binaries. My guess is
> that the plan is to get some testing/exposure of this on head (e.g. doing
> an exp-run with this set would probably be a good test?) and then flip the
> default to enable this restriction in the future?

Yes, an exp-run would be useful, although I don't think it will find too much unless we execute regression tests on the built ports. We can ask folks to turn it on and report problems; note that any ELF binary requesting an executable stack will (appear to) abort at startup, and will have to be fixed to request a non-executable stack. Other than that I have seen no fallout after enabling this on my laptop.

To enable set the two sysctls:

kern.elf32.allow_wx=0
kern.elf64.allow_wx=0
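
One way to find the binaries the message above warns about, those requesting an executable stack, is to read each ELF file's PT_GNU_STACK program header and check its execute bit. This is an added example, not part of the original e-mail or of FreeBSD's code; the function names and the constructed sample header are assumptions made for illustration.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_request(image: bytes) -> str:
    """Return 'exec', 'noexec', 'absent' (no PT_GNU_STACK entry) or 'not-elf'."""
    if len(image) < 0x34 or image[:4] != b"\x7fELF" or image[4] not in (1, 2):
        return "not-elf"
    is64 = image[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if image[5] == 1 else ">"   # EI_DATA: 1 = little-endian
    if is64 and len(image) < 0x40:
        return "not-elf"
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", image, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", image, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 0x2A)
    flags_off = 4 if is64 else 24         # p_flags sits at a different offset per class
    for i in range(phnum):
        base = phoff + i * phentsize
        if base + flags_off + 4 > len(image):
            break                         # truncated program header table
        (p_type,) = struct.unpack_from(end + "I", image, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(end + "I", image, base + flags_off)
            return "exec" if p_flags & PF_X else "noexec"
    return "absent"

def sample_elf64(p_flags: int) -> bytes:
    """Constructed sample: 64-bit little-endian header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, p_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    for path in sys.argv[1:]:             # audit the files named on the command line
        with open(path, "rb") as f:
            print(path, stack_request(f.read()))
    if len(sys.argv) == 1:                # no arguments: run on the constructed samples
        for flags in (6, 7):              # 6 = R+W, 7 = R+W+X
            print(f"sample p_flags={flags}:", stack_request(sample_elf64(flags)))
```

Files reported as `exec` are the ones to relink or rebuild with a non-executable stack request before setting the two sysctls to 0.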
