
Re: non-executable stack (via PT_GNU_STACK) not being enforced



On Mon, 11 Oct 2010 17:18:34 -0500 Marsh Ray wrote:
> > You would need to convince the kernel team that the bigmem kernel
> > should be the default on i386 systems.
> 
> "Please?"

Don't ask this list; ask the kernel team (via bug report and/or
mailing list message).  Note that Ubuntu uses some kind of NX emulation
on i386 when it's disabled in the BIOS or unsupported on the CPU, which
may be an option as well here. A patch for that submitted as a kernel
bug would be most effective.

> >> What can be done to at least warn users that the OS is silently
> >> not enforcing the page protections advertised by the CPU?
> >
> > There is the checksec script, which I have packaged, but have yet to
> > get sponsored.  It checks whether various kernel security features
> > are enabled.
> 
> That sounds useful. Do you have a link?

http://trapkit.de/tools/checksec.html

Best wishes,
Mike

