Re: non-executable stack (via PT_GNU_STACK) not being enforced
On Mon, Oct 11, 2010 at 11:08:04PM -0500, Boyd Stephen Smith Jr. wrote:
> On Monday, October 11, 2010 17:18:34 you wrote:
> >On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote:
> >>> What can be done to not disable page protections in the default
> >>> kernel?
> >> Enable PAE. From what I understand, the features are not separable
> >> in the i386 kernel. You either suffer under PAE and get NX, or you
> >> suffer without NX and drop PAE.
> >That's my understanding too. I was really asking about the default.
> >Most of us would prefer the 1% performance hit over having an
> >executable stack (and heap).
> Then install -bigmem, reboot and be done.
> Remember that Debian i386 targets more than beefy servers. In fact, it
> probably has a larger install base on Atom-based router boards, All-in-one
> PCs, and "netbooks".
And it might be non-obvious, but some CPUs (e.g. the one in my
not-so-old laptop) don't support PAE, so making the default kernel use
PAE would make debian unbootable on them.
Marcin Owsiany <firstname.lastname@example.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216