[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Opterons and the NX flag.

Sorry to be the guy that replys  to himself, however i look at some
kernel source and found how to turn on the noexec stuff....

looks like noexec=on for 64 bit stuff, noexec32=on for the 32 bit stuff.
i guess the 32 bit stuff has some flexibility as shown by the following

/* noexec32=opt{,opt}
Control the no exec default for 32bit processes. Can be also overwritten
per executable using ELF header flags (e.g. needed for the X server)
Requires noexec=on or noexec=noforce to be effective.

Valid options:
   all,on    Heap,stack,data is non executable.
   off       (default) Heap,stack,data is executable
   stack     Stack is non executable, heap/data is.
   force     Don't imply PROT_EXEC for PROT_READ
   compat    (default) Imply PROT_EXEC for PROT_READ

still, has anyone played with this? 

On Tue, 2004-09-28 at 10:29, Patrick Flaherty wrote:
> According to the 2.6.8 change log, Ingo added support to boot smp
> opterons in NX mode. Which is fantastic as NX adds a modicom of buffer
> overflow protection. What I've never understood is how to enable NX
> pages. There dosn't seem to be a kernel option for it, is it on by
> default? Has anyone been using it on their system? Does it break any
> programs (apparently some jit compilers use data pages as executables)?
> Thanks,
> patrick
> p.s. NX stands for no exec or somthing, and has been on high end
> processors for a long time. basicaly pages in memory marked by the nx
> flag can't be used to store any shell code (what does bad things in
> buffer overflows)

Reply to: