W^X violations are no longer permitted by default. A kernel log message

is generated, and mprotect/mmap return ENOTSUP.  If the sysctl(8) flag
kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
creation.

W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
using the "wxallowed" mount option.  One day far in the future
upstream software developers will understand that W^X violations are a
tremendously risky practice and that style of programming will be
banished outright.  Until then, we recommend most users need to use the
wxallowed option on their /usr/local filesystem.  At least your other
filesystems don't permit such programs.

ok jca kettenis mlarkin natano

1 files changed, 6 insertions, 1 deletions

diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c
index 28a65fc6032..38b8e9de386 100644
--- a/usr.sbin/pstat/pstat.c
+++ b/usr.sbin/pstat/pstat.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pstat.c,v 1.104 2016/05/25 13:32:29 deraadt Exp $	*/
+/*	$OpenBSD: pstat.c,v 1.105 2016/05/27 19:45:04 deraadt Exp $	*/
 /*	$NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $	*/
 
 /*-
@@ -723,6 +723,11 @@ mount_print(struct mount *mp)
 			flags &= ~MNT_EXPORTANON;
 			comma = ",";
 		}
+		if (flags & MNT_WXALLOWED) {
+			(void)printf("%swxallowed", comma);
+			flags &= ~MNT_WXALLOWED;
+			comma = ",";
+		}
 		if (flags & MNT_LOCAL) {
 			(void)printf("%slocal", comma);
 			flags &= ~MNT_LOCAL;