nRebuttal:
nOpenBSD breaks binary compatibility, PaX does not.
nBinaries for OpenBSD that were incorrect to begin with
(such as assuming malloc()
returns executable memory) will be broken under W^X and have no way to be corrected, since they do
not support per-binary
disabling of features. In PaX, a single
command can correct the
problem. This is a secure-by-default
design.
nThe upstream release of XFree86 < 4.3 assumed
malloc() returns executable
memory for its module loader. Some
point to this as PaX breaking
XFree86, when it was a bug in XFree86 that simply was not important before. There are other similar bugs involving libGL and various drivers. Redhat fixed these bugs in XFree86 when Exec Shield was developed.