Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2 [LWN.net]

From:		Arjan van de Ven <arjanv-AT-redhat.com>
To:		Linus Torvalds <torvalds-AT-osdl.org>
Subject:		Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2
Date:		Wed, 2 Jun 2004 23:17:14 +0200
Cc:		Ingo Molnar <mingo-AT-elte.hu>, linux-kernel-AT-vger.kernel.org, Andrew Morton <akpm-AT-osdl.org>, Andi Kleen <ak-AT-suse.de>, "Siddha, Suresh B" <suresh.b.siddha-AT-intel.com>, "Nakajima, Jun" <jun.nakajima-AT-intel.com>

On Wed, Jun 02, 2004 at 02:13:13PM -0700, Linus Torvalds wrote:
> 
> 
> On Wed, 2 Jun 2004, Ingo Molnar wrote:
> > 
> > If the NX feature is supported by the CPU then the patched kernel turns
> > on NX and it will enforce userspace executability constraints such as a
> > no-exec stack and no-exec mmap and data areas. This means less chance
> > for stack overflows and buffer-overflows to cause exploits.
> 
> Just out of interest - how many legacy apps are broken by this? I assume 
> it's a non-zero number, but wouldn't mind to be happily surprised.

based on execshield in FC1.. about zero.

> 
> And do we have some way of on a per-process basis say "avoid NX because
> this old version of Oracle/flash/whatever-binary-thing doesn't run with
> it"?

yes those aren't compiled with the PT_GNU_STACK elf flag and run with the
stack executable just fine. GCC will also emit a "make the stack executable"
flag when it emits code that puts stack trampolines up.
That all JustWorks(tm).

(Log in to post comments)