Do we care about the exec-shield=2 configuration? Does anybody use that? In the execshield patch we have in Fedora at this point, the (exec_shield & 2) special cases are the only arch-independent changes that are not fairly clean and isolated.
The patch puts a comment in sysctl.c about several bit flags in exec_shield, but actually only &2 and !=0 are really meaningful in our code. If we could get rid of exec_shield&2 then it would be down to just exec_shield!=0 and as of now that already only affects NX-emulation in fact. If someone does want a behavior akin to exec_shield&2 that could be done cleanly (and upstreamed) with a saner sysctl or two. What it does now is a little incoherent. Thanks, Roland _______________________________________________ kernel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/kernel
