On Fri, Oct 18, 2019 at 07:39:26AM -0600, Nelson H. F. Beebe wrote:
> Because I dislike splitting disks into numerous partitions, each of
> whose sizes is a future show-stopper when they prove too small, I
> generally split disks into just root + swap.  Thus, I find on our
> currently 7 versions of OpenBSD 6.x in our test farm reports like
> this:
>
> # mount
> /dev/wd0a on / type ffs (local, wxallowed)

You are creating your own problem.

By default, /usr/local is mounted wxallowed.  If you choose to create a
single root partition, you're responsible for maintaining your own
exploit mitigation countermeasures.

> The output of "man mount" says
>
>     wxallowed  Processes that ask for memory to be made writeable
>                plus executable using the mmap(2) and mprotect(2)
>                system calls are killed by default.  This option
>                allows those processes to continue operation.  It is
>                typically used on the /usr/local filesystem.
>
> OpenBSD 3.3 introduced the W^X feature in 2004, and some other O/Ses
> have implemented it as well since then.
>
> Has anyone looked into the problem of enumerating packages that are
> installed in the /usr/local tree that actually NEED simultaneous write
> and execute access?
>
> If only a small number of packages need W^X capability, would it make
> sense to create a separate file tree for them, and let every other
> part of the filesystem enjoy W^X protection, along with additional
> security from addition of pledge() and veil() promises into software
> packages?
>
> -------------------------------------------------------------------------------
> - Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
> - University of Utah                    FAX: +1 801 581 4148                  -
> - Department of Mathematics, 110 LCB    Internet e-mail: be...@math.utah.edu  -
> - 155 S 1400 E RM 233                       be...@acm.org  be...@computer.org -
> - Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
> -------------------------------------------------------------------------------
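The enumeration Beebe asks about in the quoted message can be done mechanically, because on OpenBSD a binary that legitimately needs writable-plus-executable mappings is linked with `-z wxneeded`, which adds a PT_OPENBSD_WXNEEDED program header, and the kernel only honours that header when the binary is executed from a wxallowed mount. The script below is an added example written for this page; it is not part of the thread and not an OpenBSD tool. It assumes the PT_OPENBSD_WXNEEDED value 0x65a3dbe7 from OpenBSD's sys/sys/exec_elf.h, parses ELF32/ELF64 program headers directly so it runs anywhere, and uses two constructed minimal ELF images (not real binaries) as its sample input.

```python
"""Enumerate ELF binaries under a tree that carry PT_OPENBSD_WXNEEDED.

OpenBSD marks binaries that need writable+executable mappings with a
PT_OPENBSD_WXNEEDED program header (ld -z wxneeded); the kernel honours
it only when the binary lives on a wxallowed filesystem.
"""
import os
import struct
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
PT_OPENBSD_WXNEEDED = 0x65A3DBE7  # value taken from OpenBSD's sys/sys/exec_elf.h


def _ehdr_fields(head: bytes):
    """Return (endian, e_phoff, e_phentsize, e_phnum), or None if not ELF."""
    if len(head) < 52 or head[:4] != ELF_MAGIC:
        return None
    endian = "<" if head[5] == 1 else ">"          # EI_DATA: 1 = LSB, 2 = MSB
    if head[4] == 2:                                # EI_CLASS: ELFCLASS64
        if len(head) < 64:
            return None
        (phoff,) = struct.unpack_from(endian + "Q", head, 32)
        phentsize, phnum = struct.unpack_from(endian + "HH", head, 54)
    elif head[4] == 1:                              # ELFCLASS32
        (phoff,) = struct.unpack_from(endian + "I", head, 28)
        phentsize, phnum = struct.unpack_from(endian + "HH", head, 42)
    else:
        return None
    return endian, phoff, phentsize, phnum


def phdr_types(read_at):
    """read_at(offset, length) -> bytes.  Return the p_type of every phdr."""
    fields = _ehdr_fields(read_at(0, 64))
    if fields is None:
        return []
    endian, phoff, phentsize, phnum = fields
    if phentsize < 4 or phnum == 0:
        return []
    table = read_at(phoff, phentsize * phnum)
    return [struct.unpack_from(endian + "I", table, i * phentsize)[0]
            for i in range(len(table) // phentsize)]


def needs_wx(data: bytes) -> bool:
    """True if an in-memory ELF image asks for W|X mappings."""
    return PT_OPENBSD_WXNEEDED in phdr_types(lambda off, n: data[off:off + n])


def needs_wx_file(path) -> bool:
    """Same check on a file, reading only the ELF header and the phdr table."""
    with open(path, "rb") as fh:
        def read_at(off, n):
            fh.seek(off)
            return fh.read(n)
        return PT_OPENBSD_WXNEEDED in phdr_types(read_at)


def scan_tree(root) -> list:
    """Paths under root (e.g. /usr/local) whose ELF images are wxneeded."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file() or p.is_symlink():
            continue
        try:
            if needs_wx_file(p):
                hits.append(str(p))
        except OSError:
            pass   # unreadable file: skip it rather than abort the scan
    return hits


def build_elf64(ptypes) -> bytes:
    """Constructed minimal little-endian ELF64 image (test data, not a real binary)."""
    phentsize, phoff = 56, 64
    ehdr = bytearray(64)
    ehdr[:4] = ELF_MAGIC
    ehdr[4], ehdr[5], ehdr[6] = 2, 1, 1              # ELFCLASS64, LSB, EV_CURRENT
    struct.pack_into("<HHI", ehdr, 16, 2, 62, 1)     # ET_EXEC, EM_X86_64, version
    struct.pack_into("<QQQ", ehdr, 24, 0, phoff, 0)  # e_entry, e_phoff, e_shoff
    struct.pack_into("<IHHHHHH", ehdr, 48, 0, 64, phentsize, len(ptypes), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    return bytes(ehdr) + phdrs


def demo_scan() -> list:
    """Write constructed binaries to a temp tree and report which are wxneeded."""
    with tempfile.TemporaryDirectory() as root:
        bindir = Path(root, "bin")
        bindir.mkdir()
        (bindir / "plain").write_bytes(build_elf64([PT_LOAD]))
        (bindir / "jit").write_bytes(build_elf64([PT_LOAD, PT_OPENBSD_WXNEEDED]))
        (bindir / "notes.txt").write_bytes(b"not an ELF file")
        return [os.path.basename(h) for h in scan_tree(root)]


if __name__ == "__main__":
    print("wxneeded:", demo_scan())
```

On a real box, `scan_tree("/usr/local")` lists the candidates for the separate wxallowed tree Beebe proposes; `pkg_info -E <path>` maps each hit back to its package, and `readelf -l <path>` shows the same program header for a cross-check. Everything the scan does not list gets no benefit from wxallowed and would be killed on a W|X request anyway, so it can live on a filesystem mounted without the option.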