User Details
- User Since
- Oct 29 2015, 5:25 PM (477 w, 2 d)
- Roles
- Administrator
Jun 27 2024
Jun 26 2024
Overall, I think this approach has value. See my in-line comments for suggestions on things to review further.
Jun 21 2024
Thanks! I like this approach. I've added a few comments about potential enhancements.
May 31 2024
Can you give a brief explanation of the problem this is supposed to solve?
May 30 2024
Should we check for TCP_FUNC_BEING_REMOVED?
Dec 20 2023
Dec 19 2023
Nov 17 2023
Nov 16 2023
Nov 7 2023
Oct 30 2023
Sep 15 2023
Jun 1 2023
May 31 2023
May 27 2023
For what its worth...
May 9 2023
Apr 17 2023
Incorporate two suggestions from @jhb.
Apr 10 2023
Apr 7 2023
Mar 31 2023
Updated the diff to upgrade the delay field from u_short to u_int in struct lock_delay_arg. Due to alignment requirements, this probably won't actually change the size or in-memory layout of the structure at all.
Mar 4 2023
Mar 3 2023
Mar 2 2023
Dec 15 2022
By the way, I should clarify that I am not opposed to this change; rather, my previous comment was merely intended to help explain what I view as the implications of the change and advocate that we make sure there is sufficiently broad agreement to proceed.
The rationale for the present state is found here.
Sep 28 2022
Functionally committed in D36716
Sep 26 2022
Sep 23 2022
Fix the man page description of the vm.enforce_wxorx sysctl/tunable to indicate that a value of 2 both denies mappings and sends a signal.
Addressed review feedback.
Restored defaults.
Sep 21 2022
Added a section to the security(7) man page in an attempt to clarify the controls which will be available if this change is merged.
Sep 16 2022
Made changes based on review:
- Switch from syslog to uprintf() for reporting ELF W^X failure.
- Separate W^X logging and enforcement.
- Change test for which processes to signal. (Now, system processes, processes which are still starting, and kernel threads are exempt.)
- Switch from using SIGSEGV to SIGTRAP with a descriptive code.
Sep 15 2022
Changes suggested in the review:
- Added entry to UPDATING.
- Updated security(7) man page.
Sep 9 2022
Sep 22 2021
Jun 17 2021
May 20 2021
Apr 12 2021
Apr 1 2021
Thanks for doing this! It looks like a very positive change, and I'm sure there was a lot of effort put into finding the right way to clean up the code.
Thanks for doing this so quickly!
Mar 31 2021
FWIW, I disagree with this change. I think we should instead use atomic operations here.
Mar 12 2021
This is the change I am planning to commit once the regression tests finish running.
Mar 11 2021
Jan 14 2021
Dec 4 2020
This does not fix the regression I am experiencing in my test setup. I am testing with a machine which uses a LAGG interface to communicate with the outside world. Shutting this interface down still makes my SSH sessions hang.
Dec 3 2020
I just saw the discussion on the committers mailing list. First, it shows that @cy already has a proposed fix. Secondly, it shows that this is a larger issue (for example, netboot), which probably needs a different solution.
Nov 20 2020
Nov 17 2020
Updating the diff to include context.
While here, update the code in ctf_add_generic() to encode empty type names with index 0. This fixes the analogous case for type names.