Re: Compiling PAX support in Xen dom0+domU

To: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Subject: Re: Compiling PAX support in Xen dom0+domU
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Thu, 17 Dec 2009 11:56:56 +0100

On Thu, Dec 17, 2009 at 12:41:26AM +0100, Jean-Yves Migeon wrote:
> Dear lists,
>
> Would anyone object if PaX support (ASLR and mprotect) is compiled in by  
> default for Xen dom0 and domU? This would bring the Xen kernels closer  
> to what native x86 provide in terms of exploit mitigation.
>
> Kernels will get bigger by ~4k. sysctl, paxctl(8) usage would be the  
> exact same as for native i386 and amd64.
>
> See security(8) if you want to know what PaX is.

No objection from me. Just make sure the kernel still works with
PaX enabled :)

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

References:
- Compiling PAX support in Xen dom0+domU
  - From: Jean-Yves Migeon

Prev by Date: Compiling PAX support in Xen dom0+domU
Next by Date: properly ipf config on dom0
Previous by Thread: Compiling PAX support in Xen dom0+domU
Next by Thread: properly ipf config on dom0
Indexes:

Home | Main Index | Thread Index | Old Index