summaryrefslogtreecommitdiff
path: root/sbin/mount_nfs
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2016-05-27 19:45:05 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2016-05-27 19:45:05 +0000
commit78b5afaf3f7a760112fbfce28204da6440738775 (patch)
tree0a7f3cad12fe378e14e0b60deee9ab6a5bcd3e7d /sbin/mount_nfs
parent7460ea7c8796fa4a440ed3fc75c19fe120c96c5d (diff)
W^X violations are no longer permitted by default. A kernel log message
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump creation. W^X violating programs can be permitted on a ffs/nfs filesystem-basis, using the "wxallowed" mount option. One day far in the future upstream software developers will understand that W^X violations are a tremendously risky practice and that style of programming will be banished outright. Until then, we recommend most users need to use the wxallowed option on their /usr/local filesystem. At least your other filesystems don't permit such programs. ok jca kettenis mlarkin natano
Diffstat (limited to 'sbin/mount_nfs')
-rw-r--r--sbin/mount_nfs/mount_nfs.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/mount_nfs/mount_nfs.c b/sbin/mount_nfs/mount_nfs.c
index 8d3094a8fa9..21b4cc54e77 100644
--- a/sbin/mount_nfs/mount_nfs.c
+++ b/sbin/mount_nfs/mount_nfs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mount_nfs.c,v 1.52 2015/01/16 06:39:59 deraadt Exp $ */
+/* $OpenBSD: mount_nfs.c,v 1.53 2016/05/27 19:45:04 deraadt Exp $ */
/* $NetBSD: mount_nfs.c,v 1.12.4.1 1996/05/25 22:48:05 fvdl Exp $ */
/*
@@ -85,6 +85,7 @@
const struct mntopt mopts[] = {
MOPT_STDOPTS,
+ MOPT_WXALLOWED,
MOPT_FORCE,
MOPT_UPDATE,
MOPT_SYNC,