Oliver Pinter <oliver.p...@gmail.com> writes:
> PAX LOG: implement new logging subsystem
> PAX LOG: fix pax_ulog_segvguard
> PAX LOG: added sysctl's and tunables
> PAX ASLR: use PAX LOG
> PAX LOG: fix pax_ulog_##name()
> PAX LOG: fix prison init
> PAX LOG: fixed log and ulog sysctl
What exactly is the purpose of PAX LOG? Have you considered using
> PAX: blacklist clang and related binaries from PIE support
Why? Performance, or do they actually break?
> PAX ASLR: Blacklist the applications that don't support being built as
> a position-independent executable
"don't support" as in you have tested them and confirmed that they break
in some way? Could you post your test methodology so people can
replicate the failures and look into fixing them?
> PAX ASLR: Use a full kernel config for LATT-ASLR
What is the difference between LATT-ASLR and OP-ASLR, and why not just
"include GENERIC"? You know about "nooptions", right?
> Revert "PAX: blacklist clang and related binaries from PIE support"
> Revert "Revert "PAX: blacklist clang and related binaries from PIE
Dag-Erling Smørgrav - d...@des.no
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"