Module Name: src
Committed By: christos
Date: Fri May 20 01:37:47 UTC 2016
Modified Files:
src/sys/arch/i386/conf: GENERIC
Log Message:
Turn on PaX ASLR/MPROTECT
To generate a diff of this commit:
cvs rdiff -u -r1.1135 -r1.1136 src/sys/arch/i386/conf/GENERIC
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/i386/conf/GENERIC
diff -u src/sys/arch/i386/conf/GENERIC:1.1135 src/sys/arch/i386/conf/GENERIC:1.1136
--- src/sys/arch/i386/conf/GENERIC:1.1135 Sat Apr 23 06:15:29 2016
+++ src/sys/arch/i386/conf/GENERIC Thu May 19 21:37:47 2016
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1135 2016/04/23 10:15:29 skrll Exp $
+# $NetBSD: GENERIC,v 1.1136 2016/05/20 01:37:47 christos Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/i386/conf/std.i386"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.1135 $"
+#ident "GENERIC-$Revision: 1.1136 $"
maxusers 64 # estimated number of users
@@ -1713,5 +1713,8 @@ options VERIFIED_EXEC_FP_SHA512
options VERIFIED_EXEC_FP_SHA1
options VERIFIED_EXEC_FP_MD5
-options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
-options PAX_ASLR=0 # PaX Address Space Layout Randomization
+options PAX_ASLR_DEBUG=1 # PaX ASLR debug
+options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
+options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
+options PAX_MPROTECT_DEBUG=1 # PaX mprotect debug
+options PAX_ASLR=1 # PaX Address Space Layout Randomization
