|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Non executable mappings and compatibility options bugs
From: Jonathan Stone (jonathan
dsg.stanford.edu)
Date: Mon Jun 21 2004 - 13:34:32 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In message <20040621135517.GA3179panix.com>Thor Lancelot Simon writes
>On Sun, Jun 20, 2004 at 10:55:23AM -0700, Chuck Silvers wrote:
>>
>> it would be safest to default to making everything executable for other
>> emulations until it can be verified that those binaries work ok with
>> non-executable mappings. this seems fine to me.
>
>I strongly disagree; this would be a regression, with no warning to the
>user, in system security. Adding a COMPAT_ option shouldn't punch a giant
>hole in a fundamental security mechanism.
[...]
Very true. Emphatically true.
OTOH, security mechanisms shouldn't break emuls willy-nilly, for
people who need the emuls and who can live with reduced security. For,
say, machines dedicated to running commercial non-NetBSD apps under
emulation.
If a global sysctl which enables the `old' behaviour for all
(preferably all non-NetBSD) emuls will work, that seems a reasonable
compromise. (Until all the OSes being emulated fix all their mmap()s.)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]