
Re: non-executable stack (via PT_GNU_STACK) not being enforced



On 10/12/2010 03:10 AM, Marcin Owsiany wrote:
On Mon, Oct 11, 2010 at 11:08:04PM -0500, Boyd Stephen Smith Jr. wrote:
On Monday, October 11, 2010 17:18:34 you wrote:
On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote:
What can be done to not disable page protections in the default
kernel?
Enable PAE.  From what I understand, the features are not separable
in the i386 kernel.  You either suffer under PAE and get NX, or you
suffer without NX and drop PAE.
That's my understanding too. I was really asking about the default.

Most of us would prefer the 1% performance hit over having an
executable stack (and heap).
Then install -bigmem, reboot and be done.

Remember that Debian i386 targets more than beefy servers.  In fact, it 
probably has a larger install base on Atom-based router boards, All-in-one 
PCs, and "netbooks".
And it might be non-obvious, but some CPUs (e.g. the one in my
not-so-old laptop) don't support PAE, so making the default kernel use
PAE would make Debian unbootable on them.

This is true. However, I've always wondered why we don't detect whether the CPU appears to support PAE and suggest a bigmem kernel at installation.
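
The check suggested in the last message, sketched as an added example (it is not part of the thread or of the Debian installer). It assumes a Linux `/proc/cpuinfo` whose `flags` line carries the `pae` and `nx` tokens; the function names `cpu_has` and `suggest_kernel`, the output labels, and the choice to keep the default kernel when PAE is present without NX are assumptions made here.

```shell
#!/bin/sh
# Added example: pick a kernel flavour from the CPU feature flags.
# "bigmem" and "default" follow the thread's wording, not package names.

# cpu_has FLAG [CPUINFO_FILE]: succeeds only if FLAG appears as a whole
# token on the first "flags" line (so "pae" does not match "spae").
cpu_has() {
    awk -v want="$1" '
        /^flags[ \t]*:/ {
            sub(/^[^:]*:/, "")
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    ' "${2:-/proc/cpuinfo}"
}

# suggest_kernel [CPUINFO_FILE]: prints "<flavour>: <reason>".
suggest_kernel() {
    src="${1:-/proc/cpuinfo}"
    if ! cpu_has pae "$src"; then
        echo "default: CPU does not report PAE, so a PAE kernel would not boot"
    elif cpu_has nx "$src"; then
        echo "bigmem: CPU reports PAE and NX, so NX can be enforced"
    else
        echo "default: CPU reports PAE but not NX, so PAE adds no NX enforcement"
    fi
}

# Demo on constructed flags lines (not captured from real machines).
demo() {
    tmp=$(mktemp)
    for flags in "fpu vme de pse tsc msr mce cx8 sep mtrr" \
                 "fpu vme de pse tsc msr pae mce cx8 sep" \
                 "fpu vme de pse tsc msr pae mce cx8 sep nx lm"; do
        printf 'processor\t: 0\nflags\t\t: %s\n' "$flags" > "$tmp"
        suggest_kernel "$tmp"
    done
    rm -f "$tmp"
}
demo
```

Calling `suggest_kernel` with no argument reads the running machine's `/proc/cpuinfo`.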