On Jun 23, 2011, at 6:50 PM, Christos Zoulas wrote: > In article <20110624004847.8a0ce17...@cvs.netbsd.org>, > Matt Thomas <source-changes-d@NetBSD.org> wrote: >> -=-=-=-=-=- >> >> Module Name: src >> Committed By: matt >> Date: Fri Jun 24 00:48:47 UTC 2011 >> >> Modified Files: >> src/sys/arch/evbppc/conf: RB800 >> >> Log Message: >> Turn on PAX_ASLR > > I am fine with that, just 2 comments. > - to fully take advantage of ASLR you need MKPIE=yes so that the text > and data segments get randomized too.
Already doing that. Pretty certain I'm the only one using RB800 so ... I want to do some timings to compare MKPIE=yes against MKPIE=no. > - just using options PAX_ASLR is probably safer and you can then enable > it with: sysctl -w security.pax.aslr.enabled=1 PAX_ASLR requires a value.
