mirror of
https://github.com/opnsense/src.git
synced 2026-06-09 08:43:19 -04:00
fc5ba17e78
LuaJIT creates 32-bit memory maps in a 64-bit execution environment,
which is disabled by default in HardenedBSD. We never ported the
MAP_32BIT disallow logic over from HardenedBSD to OPNsense prior to
18.1. The merge of HardenedBSD's ASLR implementation for 18.1 also
brought in the new logic.
Instead of removing disallow_map32bit, simply set it to 1 by default.
This will allow those who don't use LuaJIT applications to set it to 2
in /boot/loader.conf.local.
Note that this commit is specific to OPNsense. OPNsense ships without
the PAX_SYSCTLS kernel option, thus it's impossible to toggle via
sysctl.conf(5) and must be set via loader.conf.local.
Signed-off-by: Shawn Webb <shawn@opnsense.org>
github-issue: opnsense/plugins#466
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| hbsd_pax_aslr.c | ||
| hbsd_pax_common.c | ||
| hbsd_pax_hardening.c | ||
| hbsd_pax_internal.h | ||
| hbsd_pax_log.c | ||
| hbsd_pax_segvguard.c | ||