From 78b5afaf3f7a760112fbfce28204da6440738775 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Fri, 27 May 2016 19:45:05 +0000 Subject: W^X violations are no longer permitted by default. A kernel log message is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump creation. W^X violating programs can be permitted on a ffs/nfs filesystem-basis, using the "wxallowed" mount option. One day far in the future upstream software developers will understand that W^X violations are a tremendously risky practice and that style of programming will be banished outright. Until then, we recommend most users need to use the wxallowed option on their /usr/local filesystem. At least your other filesystems don't permit such programs. ok jca kettenis mlarkin natano --- usr.sbin/pstat/pstat.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'usr.sbin') diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c index 28a65fc6032..38b8e9de386 100644 --- a/usr.sbin/pstat/pstat.c +++ b/usr.sbin/pstat/pstat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pstat.c,v 1.104 2016/05/25 13:32:29 deraadt Exp $ */ +/* $OpenBSD: pstat.c,v 1.105 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $ */ /*- @@ -723,6 +723,11 @@ mount_print(struct mount *mp) flags &= ~MNT_EXPORTANON; comma = ","; } + if (flags & MNT_WXALLOWED) { + (void)printf("%swxallowed", comma); + flags &= ~MNT_WXALLOWED; + comma = ","; + } if (flags & MNT_LOCAL) { (void)printf("%slocal", comma); flags &= ~MNT_LOCAL; -- cgit v1.2.3