Date: Sun, 25 May 2014 18:33:00 +0200
From: Dag-Erling Smørgrav <des@des.no>
To: Oliver Pinter <oliver.pntr@gmail.com>
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org, "Wojciech A. Koszek" <wkoszek@freebsd.org>, freebsd-stable@freebsd.org, Shawn Webb <lattera@gmail.com>
Subject: Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
Message-ID: <86egzh6coz.fsf@nine.des.no>
In-Reply-To: <CAPjTQNEycL=R1mUK5A=vk7OOV6XQv4Tfi%2B-Wbu3x6m1%2B5b082w@mail.gmail.com> (Oliver Pinter's message of "Sat, 24 May 2014 22:50:49 +0200")
References: <20140514135852.GC3063@pwnie.vrt.sourcefire.com> <20140523195329.GC91702@FreeBSD.org> <20140524003525.GC2029@pwnie.vrt.sourcefire.com> <CAPjTQNEycL=R1mUK5A=vk7OOV6XQv4Tfi%2B-Wbu3x6m1%2B5b082w@mail.gmail.com>

Oliver Pinter <oliver.pntr@gmail.com> writes:
> Two ideas here:
> a) create a tunable security.pax.expert_mode, and create sysctls at
> boot time depending on expert mode
> b) just add CTLFLAG_SKIP and hide the sysctl from normal users

The cost of an unused sysctl is about a hundred bytes of kernel memory.
What is the cost of the code required to turn it on and off, keeping in
mind that most of the contents of the struct sysctl_oid must be present
anyway so you can fill in the malloc()ed node?

DES
-- 
Dag-Erling Smørgrav - des@des.no