CVSROOT: /cvs
Module name: src
Changes by: kette...@cvs.openbsd.org 2023/04/24 04:22:06
Modified files:
sys/kern : kern_exec.c
Log message:
Abuse the wxallowed flag to decide whether we should enforce branch target
or not. The idea is that since /usr/local has wxallowed by default this
will enable enforcement for base while leaving ports alone for now. This
will help us transition to a state where ports are properly marked and
allow us to establish that base is really clean.
Also add an exception for chrome. Chrome already appears to be clean on
arm64 and this exception can be easily modified for testing other ports.
This will screw over people that deliberately disable wxallowed on
/usr/local or who don't have a separate partition for /usr/local. We
think that is an acceptable compromise for the next months.
ok robert@, deraadt@ (who came up with the idea)
