From: Arjan van de Ven <arjanv-AT-redhat.com>
To: Linus Torvalds <torvalds-AT-osdl.org>
Subject: Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2
Date: Wed, 2 Jun 2004 23:17:14 +0200
Cc: Ingo Molnar <mingo-AT-elte.hu>, linux-kernel-AT-vger.kernel.org,
    Andrew Morton <akpm-AT-osdl.org>, Andi Kleen <ak-AT-suse.de>,
    "Siddha, Suresh B" <suresh.b.siddha-AT-intel.com>,
    "Nakajima, Jun" <jun.nakajima-AT-intel.com>

On Wed, Jun 02, 2004 at 02:13:13PM -0700, Linus Torvalds wrote:
> On Wed, 2 Jun 2004, Ingo Molnar wrote:
> > If the NX feature is supported by the CPU then the patched kernel turns
> > on NX and it will enforce userspace executability constraints such as a
> > no-exec stack and no-exec mmap and data areas. This means less chance
> > for stack overflows and buffer-overflows to cause exploits.
>
> Just out of interest - how many legacy apps are broken by this? I assume
> it's a non-zero number, but wouldn't mind to be happily surprised.

based on execshield in FC1.. about zero.

> And do we have some way of on a per-process basis say "avoid NX because
> this old version of Oracle/flash/whatever-binary-thing doesn't run with

yes those aren't compiled with the PT_GNU_STACK elf flag and run with the
stack executable just fine. GCC will also emit a "make the stack executable"
flag when it emits code that puts stack trampolines up.

That all JustWorks(tm).
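
An added example, not part of the original message or of the kernel patch: a Python sketch that reads the PT_GNU_STACK program header discussed above and reports whether a binary is marked no-exec, marked executable (the trampoline case), or unmarked (the legacy case that keeps an executable stack). The names `stack_policy` and `make_elf32`, and the constructed ELF32 header used as sample input, are assumptions for illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags

def stack_policy(elf: bytes) -> str:
    """Return 'no-exec', 'exec' or 'unmarked' for an ELF image."""
    if len(elf) < 16 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(elf[4])   # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = {1: "<", 2: ">"}.get(elf[5])       # EI_DATA: 1 = little, 2 = big endian
    if is64 is None or end is None:
        raise ValueError("unknown ELF class or byte order")
    try:
        if is64:
            (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        else:
            (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            (p_type,) = struct.unpack_from(end + "I", elf, off)
            if p_type != PT_GNU_STACK:
                continue
            # p_flags follows p_type in ELF64 but sits at offset 24 in ELF32
            (p_flags,) = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
            return "exec" if p_flags & PF_X else "no-exec"
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc
    return "unmarked"  # no PT_GNU_STACK header: legacy binary, stack stays executable

def make_elf32(phdrs):
    """Constructed sample input: bare little-endian ELF32 header plus program headers."""
    ehdr = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)

if __name__ == "__main__":
    samples = {  # (p_type, p_flags) pairs; 1 is PT_LOAD, flags are R=4, W=2, X=1
        "marked RW": [(1, 5), (PT_GNU_STACK, 6)],
        "marked RWX (trampolines)": [(1, 5), (PT_GNU_STACK, 7)],
        "legacy, no marker": [(1, 5)],
    }
    for name, phdrs in samples.items():
        print(f"{name}: {stack_policy(make_elf32(phdrs))}")
```
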