Change the PaX mprotect(2) restrictions' "global_protection" knob to
just "global" -- it's shorter and more readable. Update documentation.
parent
2f417d0f92
commit
5c38108d28
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: sysctl.3,v 1.182 2006/09/06 18:59:21 wiz Exp $
|
||||
.\" $NetBSD: sysctl.3,v 1.183 2006/09/26 14:48:40 elad Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -29,7 +29,7 @@
|
||||
.\"
|
||||
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
|
||||
.\"
|
||||
.Dd September 6, 2006
|
||||
.Dd September 26, 2006
|
||||
.Dt SYSCTL 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -2083,7 +2083,7 @@ restrictions to better enforce a W^X policy. The value of this
|
||||
knob must be non-zero for PaX MPROTECT to be enabled, even if a
|
||||
process is already marked with
|
||||
.Em P_PAXMPROTECT .
|
||||
.It Li security.pax.mprotect.global_protection
|
||||
.It Li security.pax.mprotect.global
|
||||
Specifies the default global policy for programs without an
|
||||
explicit enable/disable flag.
|
||||
.Pp
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: sysctl.8,v 1.153 2006/09/05 00:29:35 rpaulo Exp $
|
||||
.\" $NetBSD: sysctl.8,v 1.154 2006/09/26 14:48:40 elad Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2004 The NetBSD Foundation, Inc.
|
||||
.\" All rights reserved.
|
||||
@ -61,7 +61,7 @@
|
||||
.\"
|
||||
.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93
|
||||
.\"
|
||||
.Dd September 5, 2006
|
||||
.Dd September 26, 2006
|
||||
.Dt SYSCTL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -554,7 +554,7 @@ privilege can change the value.
|
||||
.It proc.\*[Lt]pid\*[Gt].stopfork int yes
|
||||
.It security.curtain integer yes
|
||||
.It security.pax.mprotect.enabled integer yes
|
||||
.It security.pax.mprotect.global_protection integer yes
|
||||
.It security.pax.mprotect.global integer yes
|
||||
.It user.bc_base_max integer no
|
||||
.It user.bc_dim_max integer no
|
||||
.It user.bc_scale_max integer no
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: options.4,v 1.334 2006/09/23 11:16:50 wiz Exp $
|
||||
.\" $NetBSD: options.4,v 1.335 2006/09/26 14:48:40 elad Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1996
|
||||
.\" Perry E. Metzger. All rights reserved.
|
||||
@ -30,7 +30,7 @@
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\"
|
||||
.Dd September 20, 2006
|
||||
.Dd September 26, 2006
|
||||
.Os
|
||||
.Dt OPTIONS 4
|
||||
.Sh NAME
|
||||
@ -2204,7 +2204,7 @@ restrictions from the PaX project.
|
||||
The
|
||||
.Ar value
|
||||
is the default value for the
|
||||
.Em global_protection
|
||||
.Em global
|
||||
knob, see
|
||||
.Xr sysctl 3 .
|
||||
If 0, PaX MPROTECT will be enabled only if explicitly set on programs
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: kern_pax.c,v 1.3 2006/05/20 15:45:37 elad Exp $ */
|
||||
/* $NetBSD: kern_pax.c,v 1.4 2006/09/26 14:48:40 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
|
||||
@ -73,7 +73,7 @@ SYSCTL_SETUP(sysctl_security_pax_setup, "sysctl security.pax setup")
|
||||
CTL_CREATE, CTL_EOL);
|
||||
sysctl_createv(clog, 0, &rnode, NULL,
|
||||
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
||||
CTLTYPE_INT, "global_protection",
|
||||
CTLTYPE_INT, "global",
|
||||
SYSCTL_DESCR("When enabled, unless explicitly "
|
||||
"specified, apply restrictions to"
|
||||
"all processes."),
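Review bot: Renaming the node from `"global_protection"` to `"global"` leaves no alias for the old name in this hunk, so a saved setting for `security.pax.mprotect.global_protection` would presumably no longer match any node after the upgrade. The W^X policy would then stay at the compiled-in default described in the options.4 section instead of the value the administrator chose. It is worth calling out the rename in the upgrade notes, or confirming that nothing in the tree or in shipped configuration still uses the old name. Separately, the description literal `"specified, apply restrictions to"` is concatenated directly with `"all processes."`, so the text reads "toall processes."; it should be `"specified, apply restrictions to "`. The sysctl_createv call and the enclosing SYSCTL_SETUP body begin and end outside the hunk.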
|
||||
|