Date:      Sun, 25 May 2014 19:23:53 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        Oliver Pinter <oliver.pntr@gmail.com>
Cc:        freebsd-security@freebsd.org, freebsd-current@freebsd.org, freebsd-stable@freebsd.org, Shawn Webb <lattera@gmail.com>
Subject:   Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
Message-ID:  <86a9a56ac6.fsf@nine.des.no>
In-Reply-To: <CAPjTQNG9pGLbDF7a8b+9s_NRD3Rq-sLnj7AXczjB=Ko_S44C3A@mail.gmail.com> (Oliver Pinter's message of "Sat, 24 May 2014 01:24:30 +0200")
References:  <20140514135852.GC3063@pwnie.vrt.sourcefire.com> <CAPjTQNG9pGLbDF7a8b+9s_NRD3Rq-sLnj7AXczjB=Ko_S44C3A@mail.gmail.com>

Oliver Pinter <oliver.pntr@gmail.com> writes:
>       PAX LOG: implement new logging subsystem
>       PAX LOG: fix pax_ulog_segvguard
>       PAX LOG: added sysctl's and tunables
>       PAX ASLR: use PAX LOG
>       PAX LOG: fix pax_ulog_##name()
>       PAX LOG: fix prison init
>       PAX LOG: fixed log and ulog sysctl

What exactly is the purpose of PAX LOG?  Have you considered using
ktrace instead?

>       PAX: blacklist clang and related binaries from PIE support

Why?  Performance, or do they actually break?

>       PAX ASLR: Blacklist the applications that don't support being built as a position-independent executable

"don't support" as in you have tested them and confirmed that they break
in some way?  Could you post your test methodology so people can
replicate the failures and look into fixing them?

>       PAX ASLR: Use a full kernel config for LATT-ASLR

What is the difference between LATT-ASLR and OP-ASLR, and why not just
"include GENERIC"?  You know about "nooptions", right?

>       Revert "PAX: blacklist clang and related binaries from PIE support"
>       Revert "Revert "PAX: blacklist clang and related binaries from PIE support""

Hmm...

DES
-- 
Dag-Erling Smørgrav - des@des.no


