From: Stuart Henderson Subject: Re: lang/polyml: fix (stupid because needless) W^X violation To: Daniel Dickman Cc: ports@openbsd.org Date: Wed, 16 Jul 2025 00:53:07 +0100 On 2025/07/15 19:35, Daniel Dickman wrote: > Should ports not even try to do a runtime check in the first place? I think these runtime checks are mainly for OS where the binary might be compiled on a system with no W^X protection and then run on a system with a kernel which enforces it (as long as it wasn't opted-out for the binary..) and they don't seem to make much sense for OpenBSD to me. On OpenBSD the possibilities (where a program deliberately tries to make a W+X mapping and checks the return code like this) are: - port forces W+X to be permitted (USE_WXNEEDED); binary run from wxallowed partition: test will succeed, program uses W+X and runs - port forces W+X to be permitted (USE_WXNEEDED); binary run from !wxallowed partition: test will fail, program avoids W+X and runs - port leaves W^X protection enabled; run with kern.wxabort=0; test will fail, program avoids W+X and runs - port leaves W^X protection enabled; run with kern.wxabort=1; crash For a port which does not set USE_WXNEEDED then avoiding the runtime check gives the most useful behaviour under both possibilities. (And if the port was changed to set USE_WXNEEDED the patch would presumably be adjusted at the same time).