Hi,
On Mon, Oct 21, 2019 at 09:57:24AM +0100, Stuart Henderson wrote:
> > $ grep -rHI USE_WXNEEDED /usr/ports/ | wc
> > 64 2013827
>
> This ignores ports where USE_WXNEEDED is set by a module, this is a better
> number:
>
> $ sqlite3 /usr/local/share/sqlports "select
On 2019/10/21 10:19, Masato Asou wrote:
> From: "Nelson H. F. Beebe"
> Date: Fri, 18 Oct 2019 07:39:26 -0600
>
> > Has anyone looked into the problem of enumerating packages that are
> > installed in the /usr/local tree that actually NEED simultaneous write
> > and execute access?
>
> You can
From: "Nelson H. F. Beebe"
Date: Fri, 18 Oct 2019 07:39:26 -0600
> Has anyone looked into the problem of enumerating packages that are
> installed in the /usr/local tree that actually NEED simultaneous write
> and execute access?
You can find that as below:
$ grep -rHI USE_WXNEEDED /usr/ports/
Nelson H. F. Beebe wrote:
> If only a small number of packages need W^X capability, would it make
> sense to create a separate file tree for them, and let every other
> part of the filesystem enjoy W^X protection, along with additional
> security from addition of pledge() and veil() promises
On Fri, Oct 18, 2019 at 07:39:26AM -0600, Nelson H. F. Beebe wrote:
> Because I dislike splitting disks into numerous partitions, each of
> whose sizes is a future show-stopper when they prove too small, I
> generally split disks into just root + swap. Thus, I find on our
> currently 7 versions
On Fri, Oct 18, 2019 at 07:39:26AM -0600, Nelson H. F. Beebe wrote:
> Because I dislike splitting disks into numerous partitions, each of
> whose sizes is a future show-stopper when they prove too small, I
> generally split disks into just root + swap.
> If only a small number of packages need
Because I dislike splitting disks into numerous partitions, each of
whose sizes is a future show-stopper when they prove too small, I
generally split disks into just root + swap. Thus, I find on our
currently 7 versions of OpenBSD 6.x in our test farm reports like
this:
# mount
