Re: Non executable mappings and compatibility options bugs

From: Bill Studenmund (wrstudennetbsd.org)
Date: Mon Jun 21 2004 - 23:26:42 CDT


On Mon, Jun 21, 2004 at 09:55:17AM -0400, Thor Lancelot Simon wrote:
> On Sun, Jun 20, 2004 at 10:55:23AM -0700, Chuck Silvers wrote:
> >
> > it would be safest to default to making everything executable for other
> > emulations until it can be verified that those binaries work ok with
> > non-executable mappings. this seems fine to me.
>
> I strongly disagree; this would be a regression, with no warning to the
> user, in system security. Adding a COMPAT_ option shouldn't punch a giant
> hole in a fundamental security mechanism.

How is this a regression? My understanding of the discussion is we would
disable non-exec mappings only for the emulations where the original OS
didn't do non-exec. My understanding of the reason for the discussion is
that some OSs, Linux/PPC for one, seem to depend on being able to exec
mappings we mark as non-exec. Thus we're imposing a restriction the OS
didn't, and breaking programs in the process.

So we either have programs that don't work, or programs that are as secure
as they were. I don't see how that is a regression. Yes, it is less
security than our current applications have, but that strikes me as a
reason to not use emulated programs, not a reason to break them.

I think it'd be a good idea to have a per-emulation sysctl, so we can tune
this behavior.

I think it would also be appropriate to note that emulations operate with
less security than native apps.

Take care,

Bill
