CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2016/05/27 13:45:04
Modified files:
lib/libc/sys : mmap.2 mount.2 mprotect.2
sbin/mount : mntopts.h mount.8 mount.c
sbin/mount_ffs : mount_ffs.c
sbin/mount_nfs : mount_nfs.c
sys/kern : kern_sysctl.c vfs_syscalls.c
sys/sys : mount.h sysctl.h
sys/uvm : uvm_mmap.c
usr.sbin/pstat : pstat.c
Log message:
W^X violations are no longer permitted by default. A kernel log message
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
creation.
W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
using the "wxallowed" mount option. One day far in the future
upstream software developers will understand that W^X violations are a
tremendously risky practice and that style of programming will be
banished outright. Until then, we recommend most users need to use the
wxallowed option on their /usr/local filesystem. At least your other
filesystems don't permit such programs.
ok jca kettenis mlarkin natano
