[src/trunk]: src/sys/arch/pmax/conf add aslr/mprotect et.al.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/arch/pmax/conf add aslr/mprotect et.al.
From: christos <christos%NetBSD.org@localhost>
Date: Tue, 31 Jul 2018 20:26:35 +0000

details:   https://anonhg.NetBSD.org/src/rev/6a0ab3801e6b
branches:  trunk
changeset: 347574:6a0ab3801e6b
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Sep 03 12:27:35 2016 +0000

description:
add aslr/mprotect et.al.

diffstat:

 sys/arch/pmax/conf/GENERIC |  28 +++++++++++++++++-----------
 1 files changed, 17 insertions(+), 11 deletions(-)

diffs (52 lines):

diff -r 2c72579a4c59 -r 6a0ab3801e6b sys/arch/pmax/conf/GENERIC
--- a/sys/arch/pmax/conf/GENERIC        Sat Sep 03 12:20:58 2016 +0000
+++ b/sys/arch/pmax/conf/GENERIC        Sat Sep 03 12:27:35 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.185 2014/11/16 16:01:42 manu Exp $
+# $NetBSD: GENERIC,v 1.186 2016/09/03 12:27:35 christos Exp $
 #
 # GENERIC machine description file
 # 
@@ -22,7 +22,7 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident         "GENERIC-$Revision: 1.185 $"
+#ident         "GENERIC-$Revision: 1.186 $"
 
 maxusers       64
 
@@ -321,18 +321,24 @@
 pseudo-device  wsfont                  # wsfont control device
 pseudo-device  wsmux                   # wsmux control device
 
+options        FILEASSOC               # fileassoc(9) - required for Veriexec
+
 # Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
+pseudo-device  veriexec
 #
 # Uncomment the fingerprint methods below that are desired. Note that
 # removing fingerprint methods will have almost no impact on the kernel
 # code size.
 #
-#options VERIFIED_EXEC_FP_RMD160
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
-#options VERIFIED_EXEC_FP_SHA1
-#options VERIFIED_EXEC_FP_MD5
+options        VERIFIED_EXEC_FP_RMD160
+options        VERIFIED_EXEC_FP_SHA256
+options        VERIFIED_EXEC_FP_SHA384
+options        VERIFIED_EXEC_FP_SHA512
+options        VERIFIED_EXEC_FP_SHA1
+options        VERIFIED_EXEC_FP_MD5
+
+options        PAX_ASLR_DEBUG=1        # PaX ASLR debug
+options        PAX_SEGVGUARD=0         # PaX Segmentation fault guard
+options        PAX_MPROTECT=1          # PaX mprotect(2) restrictions
+options        PAX_MPROTECT_DEBUG=1    # PaX mprotect debug
+options        PAX_ASLR=1              # PaX Address Space Layout Randomization

Prev by Date: [src/trunk]: src/sys vsize_t is not always u_long :-)
Next by Date: [src/trunk]: src/share/mk Switch mips32 to new binutils/gcc/gdb/pie. Tested w...
Previous by Thread: [src/trunk]: src/sys vsize_t is not always u_long :-)
Next by Thread: [src/trunk]: src/share/mk Switch mips32 to new binutils/gcc/gdb/pie. Tested w...
Indexes:

Home | Main Index | Thread Index | Old Index