Re: non-executable stack (via PT_GNU_STACK) not being enforced
On 10/10/2010 12:40 PM, Kees Cook wrote:
> On Sun, Oct 10, 2010 at 01:35:10PM -0400, Brchk05 wrote:
>> this means that my CPU supports nx but I do
>> not have the right type of kernel, i.e., one that uses PAE
>> addressing, to support enforcement (or is that part Ubuntu
>> specific). Does this sound plausible?
>
> That is quite likely, yes. If you're running 64bit, you already have
> PAE mode. If you're running 32bit, you'll need to check your kernel's
> CONFIG options for PAE. The default for 32bit is _not_ PAE mode, so
> this is probably what is happening.

Anyone else perceive this situation as being a bit sub-optimal from the

I'm quite certain there are lots of Debian server admins out there who
had assumed that in the year 2010 their operating system is not going to
disable the nonexecutable page protection which is built into every

Yes, I have always thought that PAE in general was a kludge, but the NX
bit is now a fundamental part of the process integrity provided by the
CPU. It's been available in the 2.6 kernel, and shipped in MS Windows,

What can be done to not disable page protections in the default kernel?
What can be done to at least warn users that the OS is silently not
enforcing the page protections advertised by the CPU?
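
One way to produce the warning asked for above, as an added example that is not part of the original message or of any distribution's tooling: compare the CPU's advertised `nx` flag with the kernel's PAE setting, as described in the quoted reply. The function names, the `--live` switch and the `/boot/config-$(uname -r)` location are assumptions of this sketch, and it applies to x86 only.

```shell
#!/bin/sh
# Added example: can the running x86 kernel enforce NX at all?
# Assumption: "nx" in /proc/cpuinfo reflects what the CPU advertises.
# Not covered: NX turned off at boot (e.g. the noexec=off parameter).

# has_flag FLAG CPUINFO_FILE: succeed if FLAG is on the first "flags" line.
has_flag() {
    awk -v f="$1" '
        $1 == "flags" { for (i = 3; i <= NF; i++) if ($i == f) found = 1; exit }
        END { exit !found }' "$2"
}

# nx_status ARCH CPUINFO_FILE KCONFIG_FILE
# Prints ENFORCEABLE, NOT_ENFORCED, NO_CPU_SUPPORT or UNKNOWN.
nx_status() {
    arch=$1 cpuinfo=$2 kconfig=$3
    [ -r "$cpuinfo" ] || { echo UNKNOWN; return; }
    has_flag nx "$cpuinfo" || { echo NO_CPU_SUPPORT; return; }
    case $arch in
        x86_64) echo ENFORCEABLE; return ;;  # 64-bit kernels already have PAE mode
    esac
    # 32-bit kernel: NX needs PAE page tables, so the kernel config decides.
    [ -r "$kconfig" ] || { echo UNKNOWN; return; }
    if grep -q '^CONFIG_X86_PAE=y' "$kconfig"; then
        echo ENFORCEABLE
    else
        echo NOT_ENFORCED
    fi
}

case "${1:-}" in
    --live)  # check the machine this runs on
        s=$(nx_status "$(uname -m)" /proc/cpuinfo "/boot/config-$(uname -r)")
        echo "NX status: $s"
        if [ "$s" = NOT_ENFORCED ]; then
            echo "WARNING: CPU advertises nx, kernel built without PAE" >&2
        fi ;;
    *)       # constructed sample: nx-capable CPU, 32-bit non-PAE kernel
        d=$(mktemp -d)
        printf 'flags\t\t: fpu vme pae nx\n' > "$d/cpuinfo"
        printf '# CONFIG_X86_PAE is not set\n' > "$d/config"
        echo "sample: $(nx_status i686 "$d/cpuinfo" "$d/config")"
        rm -rf "$d" ;;
esac
```
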