Re: Non executable mappings and compatibility options bugs

From: Erik E. Fair (fairnetbsd.org)
Date: Tue Jun 22 2004 - 11:09:26 CDT


The point is to make sure that the user understands the risks
they're running. We now have a new statement to make:

        When you're running binaries compiled specifically for
        NetBSD, you are protected against the exploitation of a
        class of programming mistakes that can lead to system
        security issues, because the NetBSD kernel uses the system
        Memory Management Unit (MMU) to prevent code from executing
        on the CPU stack and in other places that have proven
        "unsafe" in practice.

        However, when you run a binary compiled for Linux (or fill
        in your favorite emulation here), this protection is not
        available because it causes too many Linux programs to fail
        (i.e. they depend on this unsafe capability). We suggest
        that you consider this issue carefully when you decide
        which programs to run on your system.

        We recommend that you use only programs that were specifically
        compiled for NetBSD. If your software vendor does not
        provide such support, please consider asking them for this.

The main thing I think we're disagreeing about is how loudly to
say this.

        Erik <fairnetbsd.org>