author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2016-05-27 19:45:05 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2016-05-27 19:45:05 +0000 |
commit | 78b5afaf3f7a760112fbfce28204da6440738775 (patch) | |
tree | 0a7f3cad12fe378e14e0b60deee9ab6a5bcd3e7d /sbin/mount_nfs | |
parent | 7460ea7c8796fa4a440ed3fc75c19fe120c96c5d (diff) |
W^X violations are no longer permitted by default. A kernel log message
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
creation.

W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
using the "wxallowed" mount option. One day far in the future
upstream software developers will understand that W^X violations are a
tremendously risky practice and that style of programming will be
banished outright. Until then, we recommend most users need to use the
wxallowed option on their /usr/local filesystem. At least your other
filesystems don't permit such programs.

ok jca kettenis mlarkin natano
Diffstat (limited to 'sbin/mount_nfs')
-rw-r--r-- | sbin/mount_nfs/mount_nfs.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/mount_nfs/mount_nfs.c b/sbin/mount_nfs/mount_nfs.c index 8d3094a8fa9..21b4cc54e77 100644 --- a/sbin/mount_nfs/mount_nfs.c +++ b/sbin/mount_nfs/mount_nfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mount_nfs.c,v 1.52 2015/01/16 06:39:59 deraadt Exp $ */ +/* $OpenBSD: mount_nfs.c,v 1.53 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: mount_nfs.c,v 1.12.4.1 1996/05/25 22:48:05 fvdl Exp $ */ /* @@ -85,6 +85,7 @@ const struct mntopt mopts[] = { MOPT_STDOPTS, + MOPT_WXALLOWED, MOPT_FORCE, MOPT_UPDATE, MOPT_SYNC, |
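Review bot: The new MOPT_WXALLOWED entry in mopts[] (second hunk, directly after MOPT_STDOPTS) arrives without a documentation change in this directory, since the diffstat limited to sbin/mount_nfs lists only mount_nfs.c. If mount_nfs.8 enumerates the accepted -o options, it should gain a wxallowed entry or a pointer to wherever the option is described. It would also help to state there that on an NFS mount the exemption covers every executable the server exports, so the option belongs only on mounts whose server content is trusted, in line with the commit message's advice to limit it to the filesystem that needs it.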