Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: PaX mprotect now on for amd64
On 14 May 2016 at 18:09, Christos Zoulas <christos%zoulas.com@localhost> wrote:
>
> Hi,
>
> I just turned on mprotect for amd64. The following sysctls have
> been set to 1
>
> security.pax.mprotect.enable=1
> security.pax.mprotect.global=1
>
> If you want to see what processes hit this you can:
>
> security.pax.mprotect.debug=1
>
> This breaks programs that need to map segments both writable and executable,
> for example java. To fix them you can:
>
> paxctl +m /path/to/bin/java
Very nice :)
Would it make sense to (possibly optionally) integrate this into
pkgsrc builds for at least java? (the paxctl +m call)
Home |
Main Index |
Thread Index |
Old Index