Oliver Pinter <oliver.p...@gmail.com> writes:
>       PAX LOG: implement new logging subsystem
>       PAX LOG: fix pax_ulog_segvguard
>       PAX LOG: added sysctl's and tunables
>       PAX ASLR: use PAX LOG
>       PAX LOG: fix pax_ulog_##name()
>       PAX LOG: fix prison init
>       PAX LOG: fixed log and ulog sysctl

What exactly is the purpose of PAX LOG?  Have you considered using
ktrace instead?

>       PAX: blacklist clang and related binaries from PIE support

Why?  Performance, or do they actually break?

>       PAX ASLR: Blacklist the applications that don't support being built as 
> a position-independent executable

"don't support" as in you have tested them and confirmed that they break
in some way?  Could you post your test methodology so people can
replicate the failures and look into fixing them?

>       PAX ASLR: Use a full kernel config for LATT-ASLR

What is the difference between LATT-ASLR and OP-ASLR, and why not just
"include GENERIC"?  You know about "nooptions", right?

>       Revert "PAX: blacklist clang and related binaries from PIE support"
>       Revert "Revert "PAX: blacklist clang and related binaries from PIE 
> support""


Dag-Erling Smørgrav - d...@des.no
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to