[CFT] ASLR, PIE, and segvguard on 11-current and 10-stable

Dag-Erling Smørgrav des at des.no
Sun May 25 16:33:02 UTC 2014


Oliver Pinter <oliver.pntr at gmail.com> writes:
> Two ideas here:
> a) create a tunable security.pax.expert_mode, and create sysctls at
> boot time depending on expert mode
> b) just add CTLFLAG_SKIP and hide the sysctl from normal users

The cost of an unused sysctl is about a hundred bytes of kernel memory.
What is the cost of the code required to turn it on and off, keeping in
mind that most of the contents of the struct sysctl_oid must be present
anyway so you can fill in the malloc()ed node?

DES
-- 
Dag-Erling Smørgrav - des at des.no

