diff options
| author |   deraadt <deraadt@openbsd.org> | 2016-05-27 19:45:04 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2016-05-27 19:45:04 +0000 |
| commit | 9f25ea0444789356f96f36dfcfb511298f4ea099 (patch) | |
| tree | aafbce4074a5cde5dbdc3c3a5324bee65ac5545d /sbin/mount_nfs | |
| parent | Use getprogname() instead of __progname to make portability easier. (diff) | |
| download | wireguard-openbsd-9f25ea0444789356f96f36dfcfb511298f4ea099.tar.xz wireguard-openbsd-9f25ea0444789356f96f36dfcfb511298f4ea099.zip | |
W^X violations are no longer permitted by default. A kernel log message
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
creation.
W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
using the "wxallowed" mount option. One day far in the future
upstream software developers will understand that W^X violations are a
tremendously risky practice and that style of programming will be
banished outright. Until then, we recommend most users need to use the
wxallowed option on their /usr/local filesystem. At least your other
filesystems don't permit such programs.
ok jca kettenis mlarkin natano
Diffstat (limited to 'sbin/mount_nfs')
| -rw-r--r-- | sbin/mount_nfs/mount_nfs.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/mount_nfs/mount_nfs.c b/sbin/mount_nfs/mount_nfs.c index 8d3094a8fa9..21b4cc54e77 100644 --- a/sbin/mount_nfs/mount_nfs.c +++ b/sbin/mount_nfs/mount_nfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mount_nfs.c,v 1.52 2015/01/16 06:39:59 deraadt Exp $ */ +/* $OpenBSD: mount_nfs.c,v 1.53 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: mount_nfs.c,v 1.12.4.1 1996/05/25 22:48:05 fvdl Exp $ */ /* @@ -85,6 +85,7 @@ const struct mntopt mopts[] = { MOPT_STDOPTS, + MOPT_WXALLOWED, MOPT_FORCE, MOPT_UPDATE, MOPT_SYNC, |