From owner-freebsd-security@FreeBSD.ORG  Sun May 25 21:18:32 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8A1FCBED;
 Sun, 25 May 2014 21:18:32 +0000 (UTC)
Received: from theravensnest.org (theraven.freebsd.your.org [216.14.102.27])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "cloud.theravensnest.org",
 Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 50942227E;
 Sun, 25 May 2014 21:18:31 +0000 (UTC)
Received: from [192.168.0.96] (cpc14-cmbg15-2-0-cust307.5-4.cable.virginm.net
 [82.26.1.52]) (authenticated bits=0)
 by theravensnest.org (8.14.7/8.14.7) with ESMTP id s4PLIOiD085171
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
 Sun, 25 May 2014 21:18:27 GMT (envelope-from theraven@FreeBSD.org)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
From: David Chisnall <theraven@FreeBSD.org>
In-Reply-To: <CAPjTQNFrkmaXY_TcJBjDa8tUJOY4nPD+iPVwk0Z0rpWHK8UeKQ@mail.gmail.com>
Date: Sun, 25 May 2014 22:18:19 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <38F830B6-4B52-4372-9BC6-565B2387720F@FreeBSD.org>
References: <20140514135852.GC3063@pwnie.vrt.sourcefire.com>
 <CAPjTQNG9pGLbDF7a8b+9s_NRD3Rq-sLnj7AXczjB=Ko_S44C3A@mail.gmail.com>
 <86a9a56ac6.fsf@nine.des.no>
 <CAPjTQNE6V+MAMg4KODVhLckq9p=kpKZPmSK=LEtQkcfZqVi7SA@mail.gmail.com>
 <86wqd94nk6.fsf@nine.des.no>
 <CAPjTQNFrkmaXY_TcJBjDa8tUJOY4nPD+iPVwk0Z0rpWHK8UeKQ@mail.gmail.com>
To: Oliver Pinter <oliver.pntr@gmail.com>
X-Mailer: Apple Mail (2.1874)
X-Mailman-Approved-At: Sun, 25 May 2014 23:52:44 +0000
Cc: freebsd-stable@freebsd.org, dim@freebsd.org, Shawn Webb <lattera@gmail.com>,
 freebsd-security@freebsd.org, freebsd-current@freebsd.org,
 =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 25 May 2014 21:18:32 -0000

On 25 May 2014, at 21:31, Oliver Pinter <oliver.pntr@gmail.com> wrote:

> On 5/25/14, Dag-Erling Sm=F8rgrav <des@des.no> wrote:
>> Oliver Pinter <oliver.pntr@gmail.com> writes:
>>> pax_log will be in future a generic pax related logging framework,
>>> with ratelimiting and other features.  It will log user, IP, binary
>>> name, path, checksum, and others.
>>=20
>> What are you using this for?  Are you sure you can't use ktrace?  =
It's a
>> lot more flexible and powerful than you probably realize.
>=20
> Logging to system log, The feature will similar to this in grsecurity:
> =
http://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Config=
uration_Options#Kernel_Auditing

It sounds like you actually want to be writing audit events then.  See =
audit(4).

David