Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/arch/landisk/conf Turn on ASLR/MPROTECT
details: https://anonhg.NetBSD.org/src/rev/fcf62aec5d16
branches: trunk
changeset: 347500:fcf62aec5d16
user: christos <christos%NetBSD.org@localhost>
date: Sun Aug 28 14:23:00 2016 +0000
description:
Turn on ASLR/MPROTECT
diffstat:
sys/arch/landisk/conf/GENERIC | 26 ++++++++++++++++++++++++--
1 files changed, 24 insertions(+), 2 deletions(-)
diffs (44 lines):
diff -r 1612ed7ace4a -r fcf62aec5d16 sys/arch/landisk/conf/GENERIC
--- a/sys/arch/landisk/conf/GENERIC Sun Aug 28 14:22:35 2016 +0000
+++ b/sys/arch/landisk/conf/GENERIC Sun Aug 28 14:23:00 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.48 2016/03/19 23:21:03 gdt Exp $
+# $NetBSD: GENERIC,v 1.49 2016/08/28 14:23:00 christos Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.48 $"
+#ident "GENERIC-$Revision: 1.49 $"
maxusers 16 # estimated number of users
@@ -476,3 +476,25 @@
# wscons pseudo-devices
pseudo-device wsmux # mouse & keyboard multiplexor
#pseudo-device wsfont
+
+options FILEASSOC # fileassoc(9) - required for Veriexec
+
+# Veriexec
+pseudo-device veriexec
+#
+# Uncomment the fingerprint methods below that are desired. Note that
+# removing fingerprint methods will have almost no impact on the kernel
+# code size.
+#
+options VERIFIED_EXEC_FP_RMD160
+options VERIFIED_EXEC_FP_SHA256
+options VERIFIED_EXEC_FP_SHA384
+options VERIFIED_EXEC_FP_SHA512
+options VERIFIED_EXEC_FP_SHA1
+options VERIFIED_EXEC_FP_MD5
+
+options PAX_ASLR_DEBUG=1 # PaX ASLR debug
+options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
+options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
+options PAX_MPROTECT_DEBUG=1 # PaX mprotect debug
+options PAX_ASLR=1 # PaX Address Space Layout Randomization
Home |
Main Index |
Thread Index |
Old Index