Subject: Re: segvguard [was: Re: CVS commit: src/sys/sys]
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 11/30/2006 15:59:32
YAMAMOTO Takashi wrote:
>>      PaX Segvguard makes use of kernel memory, so use it wisely.  While
>>      it provides rate-limiting protections, it works on a per-program
>>      basis for keeping its records, meaning that irresponsible use may
>>      result in keeping track of all segfaults in the system, easily
>>      wasting all kernel memory.
> 
> are you talking about pax_segvguard_entry etc?

yes.

>>      For this reason, it is highly recommended to have PaX Segvguard
>>      enabled explicitly only for network services etc.  Enabling PaX
>>      Segvguard explicitly works like this:
>>
>>            # paxctl +G /usr/sbin/sshd
> 
>>      Explicitly disabling PaX Segvguard can be done like this:
>>
>>            # paxctl +g /bin/ls
> 
> why do you want to disable it?
> ie. why do you want to use two bits in PF_MASKOS?

flexibility. like with mprotect restrictions, we allow the admin to do
any of the following:

  - enable it for all binaries except those marked as "disable"
  - disable it for all binaries except those marked "enable"

the first implementation used a single bit, "toggle", that meant
"exactly the opposite of the global flag". due to objections I
introduced two explicit flags.

like I already said, if you have a better suggestion on where to
store these flags, it's fine with me.

-e.

-- 
Elad Efrat
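The "toggle" versus two-explicit-flags distinction discussed above, as an added illustration that is not NetBSD's code: the SG_* bit names and function names are assumptions, and the precedence when both explicit bits are set is an assumption too.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical per-binary flag bits (assumed names, not NetBSD's real
 * PF_MASKOS or ELF note values). */
#define SG_EXPLICIT_ENABLE  0x1u  /* "paxctl +G": always enable   */
#define SG_EXPLICIT_DISABLE 0x2u  /* "paxctl +g": always disable  */
#define SG_TOGGLE           0x4u  /* old single-bit design: invert global */

/* Two-flag scheme from the reply: an explicit bit wins over the global
 * setting; a binary carrying neither bit simply follows the global.
 * Assumed precedence: if an admin sets both bits, "disable" wins. */
bool segvguard_active_two_flags(bool global_on, unsigned flags)
{
    if (flags & SG_EXPLICIT_DISABLE)
        return false;
    if (flags & SG_EXPLICIT_ENABLE)
        return true;
    return global_on;
}

/* Original single "toggle" bit: its meaning is "the opposite of the
 * global flag", so the same marking flips when the global changes. */
bool segvguard_active_toggle(bool global_on, unsigned flags)
{
    return (flags & SG_TOGGLE) ? !global_on : global_on;
}

int main(void)
{
    /* Scenario: sshd is marked for protection while segvguard is
     * globally off, then the admin later turns the global on. */
    printf("toggle:   off->%d  on->%d\n",
           segvguard_active_toggle(false, SG_TOGGLE),
           segvguard_active_toggle(true, SG_TOGGLE));   /* 1 then 0: drifts */
    printf("explicit: off->%d  on->%d\n",
           segvguard_active_two_flags(false, SG_EXPLICIT_ENABLE),
           segvguard_active_two_flags(true, SG_EXPLICIT_ENABLE)); /* 1 then 1 */
    return 0;
}
```

With the toggle bit, flipping the global setting silently unprotects every binary the admin had marked; with explicit bits the per-binary intent survives a change of the global default.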