Re: Opterons and the NX flag.
Sorry to be the guy that replies to himself, however I looked at some
kernel source and found how to turn on the noexec stuff....
Looks like noexec=on for 64 bit stuff, noexec32=on for the 32 bit stuff.
I guess the 32 bit stuff has some flexibility, as shown by the following
comment:
/* noexec32=opt{,opt}
Control the no exec default for 32bit processes. Can be also overwritten
per executable using ELF header flags (e.g. needed for the X server)
Requires noexec=on or noexec=noforce to be effective.
Valid options:
   all,on    Heap,stack,data is non executable.
   off       (default) Heap,stack,data is executable
   stack     Stack is non executable, heap/data is.
   force     Don't imply PROT_EXEC for PROT_READ
   compat    (default) Imply PROT_EXEC for PROT_READ
*/
Still, has anyone played with this?
best
patrick
On Tue, 2004-09-28 at 10:29, Patrick Flaherty wrote:
> According to the 2.6.8 change log, Ingo added support to boot smp
> opterons in NX mode. Which is fantastic as NX adds a modicum of buffer
> overflow protection. What I've never understood is how to enable NX
> pages. There doesn't seem to be a kernel option for it, is it on by
> default? Has anyone been using it on their system? Does it break any
> programs (apparently some jit compilers use data pages as executables)?
>
> Thanks,
> patrick
>
> p.s. NX stands for no exec or something, and has been on high end
> processors for a long time. Basically pages in memory marked by the nx
> flag can't be used to store any shell code (what does bad things in
> buffer overflows)
>
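
Added example, not part of the original post or the kernel source: a small audit helper that reads the per-executable stack marking from an ELF image, for both 32-bit and 64-bit binaries. It assumes the "ELF header flags" in the comment above refer to the PT_GNU_STACK program header; make_elf() is a hypothetical helper that builds constructed sample headers, not real binaries.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack marking
PF_X = 0x1                 # "executable" bit in p_flags

def gnu_stack_policy(image):
    """Return 'exec', 'noexec' or 'unmarked' for the bytes of an ELF file."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = image[4], image[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("bad EI_CLASS/EI_DATA")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 1:   # ELF32: e_phoff at 28, p_flags at offset 24 in each phdr
        e_phoff, = struct.unpack_from(end + "I", image, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 42)
        flags_off = 24
    else:               # ELF64: e_phoff at 32, p_flags at offset 4 in each phdr
        e_phoff, = struct.unpack_from(end + "Q", image, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 54)
        flags_off = 4
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        if base + e_phentsize > len(image):
            raise ValueError("truncated program header table")
        p_type, = struct.unpack_from(end + "I", image, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", image, base + flags_off)
            return "exec" if p_flags & PF_X else "noexec"
    return "unmarked"   # no marking: the kernel default (noexec/noexec32) decides

def make_elf(bits, stack_flags):
    """Constructed sample: ELF header plus PT_LOAD and optional PT_GNU_STACK."""
    phdrs = [(1, 5)]    # PT_LOAD, R+X
    if stack_flags is not None:
        phdrs.append((PT_GNU_STACK, stack_flags))
    ident = b"\x7fELF" + bytes([1 if bits == 32 else 2, 1, 1]) + bytes(9)
    if bits == 32:
        hdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0,
                                  52, 32, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)
    else:
        hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                  64, 56, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return hdr + body

if __name__ == "__main__":
    for bits, flags in [(32, 6), (32, 7), (32, None), (64, 6)]:
        print(bits, flags, gnu_stack_policy(make_elf(bits, flags)))
```

To audit a real file, pass its contents: `gnu_stack_policy(open(path, "rb").read())`.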