On 2016/05/27 13:45, Theo de Raadt wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: dera...@cvs.openbsd.org 2016/05/27 13:45:04
>
> Modified files:
>     lib/libc/sys : mmap.2 mount.2 mprotect.2
>     sbin/mount : mntopts.h mount.8 mount.c
>     sbin/mount_ffs : mount_ffs.c
>     sbin/mount_nfs : mount_nfs.c
>     sys/kern : kern_sysctl.c vfs_syscalls.c
>     sys/sys : mount.h sysctl.h
>     sys/uvm : uvm_mmap.c
>     usr.sbin/pstat : pstat.c
>
> Log message:
> W^X violations are no longer permitted by default. A kernel log message
> is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
> kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
> creation.
>
> W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
> using the "wxallowed" mount option. One day far in the future
> upstream software developers will understand that W^X violations are a
> tremendously risky practice and that style of programming will be
> banished outright. Until then, we recommend most users need to use the
> wxallowed option on their /usr/local filesystem. At least your other
> filesystems don't permit such programs.
>
> ok jca kettenis mlarkin natano
>
ok sthen as well, I've used large parts of this diff in several ports bulk builds. Drawing more attention to it: as you mentioned in the faq/current.html entry, ports builders will need wxallowed at this point to get their builds to complete.