On Fri, Jun 18, 2010 at 04:00:12AM -0700, Roland McGrath wrote:
> Do we care about the exec-shield=2 configuration? Does anybody use that?
I'd be surprised to hear that anyone changes that sysctl these days.
> In the execshield patch we have in Fedora at this point, the
> (exec_shield & 2) special cases are the only arch-independent
> changes that are not fairly clean and isolated.
>
> The patch puts a comment in sysctl.c about several bit flags in
> exec_shield, but actually only &2 and !=0 are really meaningful
> in our code. If we could get rid of exec_shield&2 then it would
> be down to just exec_shield!=0 and as of now that already only
> affects NX-emulation in fact.
>
> If someone does want a behavior akin to exec_shield&2 that could
> be done cleanly (and upstreamed) with a saner sysctl or two.
> What it does now is a little incoherent.
Sounds like a good idea to me.
Dave
_______________________________________________
kernel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/kernel
