diff options
Diffstat (limited to '3.10.11/4475_emutramp_default_on.patch')
| -rw-r--r-- | 3.10.11/4475_emutramp_default_on.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/3.10.11/4475_emutramp_default_on.patch b/3.10.11/4475_emutramp_default_on.patch new file mode 100644 index 0000000..cfde6f8 --- /dev/null +++ b/3.10.11/4475_emutramp_default_on.patch @@ -0,0 +1,21 @@ +From: Anthony G. Basile <blueness@gentoo.org> + +PAX_EMUTRAMP is needed for libffi to avoid RWX mmap-ings using PaX emulation of trampolines. +We default PAX_EMUTRAMP='y' since almost all hardened users will want this. + +See bug: + http://bugs.gentoo.org/show_bug.cgi?id=329499 + http://bugs.gentoo.org/show_bug.cgi?id=457194 + +diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig +--- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400 ++++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400 +@@ -427,7 +427,7 @@ + + config PAX_EMUTRAMP + bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) +- default y if PARISC ++ default y + help + There are some programs and libraries that for one reason or + another attempt to execute special small code snippets from |