sys/conf/NOTES
# Module to enable execution of application via emulators like QEMU | # Module to enable execution of application via emulators like QEMU | ||||
options IMAGACT_BINMISC | options IMAGACT_BINMISC | ||||
# Address Space Layout Randomization (ASLR) | |||||
options PAX_ASLR | |||||
options PAX_SYSCTLS | |||||
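Review bot: `options PAX_SYSCTLS` has no comment of its own; the only comment in the added lines describes ASLR, so a reader of NOTES cannot tell what this second option controls. Suggest a separate comment line above it stating that it exposes extra sysctls that can be modified at runtime, as the inline reply below explains, so that an administrator building a locked-down kernel knows this is the option to leave out.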
rwatson: Should this be named PAX_DEBUG, PAX_TEST, or similar?
lattera-gmail.com: No. Setting this kernel option exposes extra sysctls that the user can modify at runtime.
rwatson: Is there a reason to ifdef them if they aren't limited to debugging?
op: Yes. If we should restrict the system, then we just remove these knobs, and the ASLR status is enforced by boot time settings, and able to change them on the fly. This is required by some bastion system.
rwatson: Does it make more sense to leave the monitoring sysctls but instead twiddle them to be read-only? This allows checking the conditions and configuration of ASLR even though it can't be changed.
op: https://github.com/HardenedBSD/hardenedBSD/issues/21
emaste: It would be useful I think to have a bit of explanation of the background behind PAX (the name and history). Right now the archiver man page for pax(1) may be the first/only thing people find.
op: Sure, we should write more about the origin. Shawn is currently writing the ASLR's man page: https://github.com/HardenedBSD/hardenedBSD/commit/73b0448c3531e5a2e869a0c6a602d64c441c49a7