[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: non-executable stack (via PT_GNU_STACK) not being enforced

On Mon, Oct 11, 2010 at 11:08:04PM -0500, Boyd Stephen Smith Jr. wrote:
> On Monday, October 11, 2010 17:18:34 you wrote:
> >On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote:
> >>> What can be done to not disable page protections in the default
> >>> kernel?
> >> 
> >> Enable PAE.  From what I understand, the features are not separable
> >> in the i386 kernel.  You either suffer under PAE and get NX, or you
> >> suffer without NX and drop PAE.
> >
> >That's my understanding too. I was really asking about the default.
> >
> >Most of us would prefer the 1% performance hit over having an
> >executable stack (and heap).
> Then install -bigmem, reboot and be done.
> Remember that Debian i386 targets more than beefy servers.  In fact, it 
> probably has a larger install base on Atom-based router boards, All-in-one 
> PCs, and "netbooks".

And it might be non-obvious, but some CPUs (e.g. the one in my
not-so-old laptop) don't support PAE, so making the default kernel use
PAE would make debian unbootable on them.

Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

Reply to: