Module Name: src
Committed By: christos
Date: Sat May 14 17:11:30 UTC 2016
Modified Files:
src/sys/arch/amd64/conf: GENERIC XEN3_DOM0 XEN3_DOMU
Log Message:
Turn on MPROTECT on GENERIC and both MPROTECT and ASLR on XEN*
To generate a diff of this commit:
cvs rdiff -u -r1.432 -r1.433 src/sys/arch/amd64/conf/GENERIC
cvs rdiff -u -r1.118 -r1.119 src/sys/arch/amd64/conf/XEN3_DOM0
cvs rdiff -u -r1.64 -r1.65 src/sys/arch/amd64/conf/XEN3_DOMU
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amd64/conf/GENERIC
diff -u src/sys/arch/amd64/conf/GENERIC:1.432 src/sys/arch/amd64/conf/GENERIC:1.433
--- src/sys/arch/amd64/conf/GENERIC:1.432 Sun May 1 06:21:01 2016
+++ src/sys/arch/amd64/conf/GENERIC Sat May 14 13:11:30 2016
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.432 2016/05/01 10:21:01 nonaka Exp $
+# $NetBSD: GENERIC,v 1.433 2016/05/14 17:11:30 christos Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/amd64/conf/std.amd64"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.432 $"
+#ident "GENERIC-$Revision: 1.433 $"
maxusers 64 # estimated number of users
@@ -1319,6 +1319,6 @@ options VERIFIED_EXEC_FP_MD5
options PAX_ASLR_DEBUG=1 # PaX ASLR debug
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
-options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
+options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
options PAX_MPROTECT_DEBUG=1 # PaX mprotect debug
options PAX_ASLR=1 # PaX Address Space Layout Randomization
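Review bot: The trailing comment on the changed `PAX_MPROTECT` line in this GENERIC hunk no longer tells a reader what the value means. As far as I can tell from options(4), `=0` compiles the feature in as opt-in and `=1` enforces it for every process unless exempted, so this one-character change is what makes W^X the default. I would spell that out, for example `options PAX_MPROTECT=1 # PaX mprotect(2) restrictions, on by default; exempt with paxctl(8)`. Programs that legitimately need writable-and-executable mappings (JIT runtimes, for instance) will then see mprotect(2) fail until they are flagged, which deserves a mention in the log message or release notes. The same comment wording applies to the `PAX_MPROTECT=1` and `PAX_ASLR=1` lines in the XEN3_DOM0 and XEN3_DOMU hunks.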
Index: src/sys/arch/amd64/conf/XEN3_DOM0
diff -u src/sys/arch/amd64/conf/XEN3_DOM0:1.118 src/sys/arch/amd64/conf/XEN3_DOM0:1.119
--- src/sys/arch/amd64/conf/XEN3_DOM0:1.118 Sun May 1 06:21:01 2016
+++ src/sys/arch/amd64/conf/XEN3_DOM0 Sat May 14 13:11:30 2016
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOM0,v 1.118 2016/05/01 10:21:01 nonaka Exp $
+# $NetBSD: XEN3_DOM0,v 1.119 2016/05/14 17:11:30 christos Exp $
include "arch/amd64/conf/std.xen"
@@ -854,8 +854,8 @@ pseudo-device xenevt
pseudo-device xvif
pseudo-device xbdback
-options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
-options PAX_ASLR=0 # PaX Address Space Layout Randomization
+options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
+options PAX_ASLR=1 # PaX Address Space Layout Randomization
# Atheros HAL options
include "external/isc/atheros_hal/conf/std.ath_hal"
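Review bot: This XEN3_DOM0 hunk turns on `PAX_MPROTECT` and `PAX_ASLR`, but the visible context shows none of the companion options that sit next to them in the GENERIC hunk (`PAX_MPROTECT_DEBUG=1`, `PAX_ASLR_DEBUG=1`, `PAX_SEGVGUARD=0`). If they are not defined elsewhere in the file, which this hunk does not show, consider adding at least `options PAX_MPROTECT_DEBUG=1 # PaX mprotect debug`, so that a mapping denied on dom0 can be diagnosed the same way as on a GENERIC kernel. The XEN3_DOMU hunk has the same two-line shape and the same question applies there.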
Index: src/sys/arch/amd64/conf/XEN3_DOMU
diff -u src/sys/arch/amd64/conf/XEN3_DOMU:1.64 src/sys/arch/amd64/conf/XEN3_DOMU:1.65
--- src/sys/arch/amd64/conf/XEN3_DOMU:1.64 Tue Nov 10 08:01:41 2015
+++ src/sys/arch/amd64/conf/XEN3_DOMU Sat May 14 13:11:30 2016
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOMU,v 1.64 2015/11/10 13:01:41 tnn Exp $
+# $NetBSD: XEN3_DOMU,v 1.65 2016/05/14 17:11:30 christos Exp $
include "arch/amd64/conf/std.xen"
@@ -231,8 +231,8 @@ pseudo-device bridge # simple inter-ne
#pseudo-device pfsync # PF sync if
#pseudo-device npf # NPF packet filter
-options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
-options PAX_ASLR=0 # PaX Address Space Layout Randomization
+options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
+options PAX_ASLR=1 # PaX Address Space Layout Randomization
# miscellaneous pseudo-devices
pseudo-device pty # pseudo-terminals