Tim Rightnour wrote:
> On 18-Dec-2005 matthew green wrote:
> 
>>you fail to understand the performance issue here.  when, eg, libc is
>>not mapped at the same address as other processes, the performance hit
>>is in the range of 30-40% on some platforms.  it's not about start up
>>it is about the MMU being constantly trashed.
> 
> 
> Whats the harm in providing the switch to turn it on though?  It sounds like a
> reasonable not-on-by-default kind of security thing.

Not only should it be switchable, it must be compilable out.  I should be able
to build a kernel without these security features.

> Speaking personally.. I don't care if we have a million security features in
> the kernel, as long as I can shut the annoying ones off, and the test-for-off
> code doesn't bog the kernel down.

and as long as I can prevent them from getting into the kernel.  Do INSTALL
kernels need these?  I doubt it.
-- 
Matt Thomas                     email: matt@3am-software.com
3am Software Foundry              www: http://3am-software.com/bio/matt/
Cupertino, CA              disclaimer: I avow all knowledge of this message.