OpenBSD 6.0 has been released, with tons of improvements. They’re listing this one as one of the biggest changes:
In their latest attempt to push better security practices to the software ecosystem, OpenBSD has turned W^X on by default for the base system. Binaries can only violate W^X if they’re marked with PT_OPENBSD_WXNEEDED and their filesystem is mounted with the new wxallowed option. The installer will set this flag on the /usr/local partition (where third party packages go) by default now, but users may need to manually add it if they’re upgrading. More details can be found in this email. If you don’t use any W^X-violating applications, you don’t need the flag at all.
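An added example (not from the release notes or the OpenBSD source) of auditing the two conditions named above: whether an ELF image carries a PT_OPENBSD_WXNEEDED program header, and whether its fstab(5) line lists wxallowed. The helper names, the sample ELF images and the fstab lines are constructed for illustration; the kernel's own check at exec and mmap time is what actually enforces the policy.

```python
import struct

PT_OPENBSD_WXNEEDED = 0x65A3DBE7  # p_type value from OpenBSD's <sys/exec_elf.h>

def program_header_types(elf):
    """Return the p_type of every program header in an ELF image (bytes)."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if elf[4] not in (1, 2) or elf[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    end = "<" if elf[5] == 1 else ">"
    if elf[4] == 2:  # ELFCLASS64
        if len(elf) < 64:
            raise ValueError("truncated ELF64 header")
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:  # ELFCLASS32
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    types = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(elf):
            raise ValueError("truncated program header table")
        types.append(struct.unpack_from(end + "I", elf, off)[0])  # p_type is first
    return types

def is_marked_wxneeded(elf):
    return PT_OPENBSD_WXNEEDED in program_header_types(elf)

def mount_has_wxallowed(fstab_line):
    """True if the options field (4th) of an fstab(5) line lists wxallowed."""
    fields = fstab_line.split("#", 1)[0].split()
    return len(fields) >= 4 and "wxallowed" in fields[3].split(",")

def may_violate_wx(elf, fstab_line):
    """Both conditions from the release note must hold."""
    return is_marked_wxneeded(elf) and mount_has_wxallowed(fstab_line)

def sample_elf(p_types):
    """Constructed input: ELF64 little-endian header followed by bare phdrs."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56,
                      len(p_types), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    marked = sample_elf([6, 1, PT_OPENBSD_WXNEEDED])  # PT_PHDR, PT_LOAD, WXNEEDED
    print(may_violate_wx(marked, "/dev/sd0e /usr/local ffs rw,nodev,wxallowed 1 2"))
    print(may_violate_wx(marked, "/dev/sd0e /usr/local ffs rw,nodev 1 2"))
```

To audit a real binary, pass the bytes read from the file to `is_marked_wxneeded` in place of the constructed image.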
I ran current for a while without mounting /usr/local wxallowed and did not have any issues. Mostly base with Firefox and a few small apps which did not cause problems.
Went to Release and then Stable a few nights ago. Lots of big changes coming. No more releases on CD, and llvm was imported into base this morning.
Mtier provides free binary updates to stable ports and base system patches if you want to go that route. It’s really a simple system to maintain.
Why does Mozilla stuff need W|X?