Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Turn on MPROTECT on GENERIC and both MPROTECT and ASLR on XEN*

Browse Source
This commit is contained in:
christos 2016-05-14 17:11:30 +00:00
parent 2a096139aa
commit 931302e025
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/arch/amd64/conf/GENERIC
View File

@ -1,4 +1,4 @@
# $NetBSD: GENERIC,v 1.432 2016/05/01 10:21:01 nonaka Exp $
# $NetBSD: GENERIC,v 1.433 2016/05/14 17:11:30 christos Exp $
#
# GENERIC machine description file
#
@ -22,7 +22,7 @@ include "arch/amd64/conf/std.amd64"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
#ident "GENERIC-$Revision: 1.432 $"
#ident "GENERIC-$Revision: 1.433 $"
maxusers 64 # estimated number of users
@ -1319,6 +1319,6 @@ options VERIFIED_EXEC_FP_MD5
options PAX_ASLR_DEBUG=1 # PaX ASLR debug
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
options PAX_MPROTECT_DEBUG=1 # PaX mprotect debug
options PAX_ASLR=1 # PaX Address Space Layout Randomization

6
sys/arch/amd64/conf/XEN3_DOM0
View File

@ -1,4 +1,4 @@
# $NetBSD: XEN3_DOM0,v 1.118 2016/05/01 10:21:01 nonaka Exp $
# $NetBSD: XEN3_DOM0,v 1.119 2016/05/14 17:11:30 christos Exp $
include "arch/amd64/conf/std.xen"
@ -854,8 +854,8 @@ pseudo-device xenevt
pseudo-device xvif
pseudo-device xbdback
options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
options PAX_ASLR=0 # PaX Address Space Layout Randomization
options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
options PAX_ASLR=1 # PaX Address Space Layout Randomization
# Atheros HAL options
include "external/isc/atheros_hal/conf/std.ath_hal"

6
sys/arch/amd64/conf/XEN3_DOMU
View File

@ -1,4 +1,4 @@
# $NetBSD: XEN3_DOMU,v 1.64 2015/11/10 13:01:41 tnn Exp $
# $NetBSD: XEN3_DOMU,v 1.65 2016/05/14 17:11:30 christos Exp $
include "arch/amd64/conf/std.xen"
@ -231,8 +231,8 @@ pseudo-device bridge # simple inter-network bridging
#pseudo-device pfsync # PF sync if
#pseudo-device npf # NPF packet filter
options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
options PAX_ASLR=0 # PaX Address Space Layout Randomization
options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
options PAX_ASLR=1 # PaX Address Space Layout Randomization
# miscellaneous pseudo-devices
pseudo-device pty # pseudo-terminals