Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2

From: Arjan van de Ven
Date: Fri Jun 04 2004 - 11:39:25 EST

Next message: Ian Abbott: "Re: [PATCH] Memory leak in visor.c and ftdi_sio.c"
Previous message: William Lee Irwin III: "Re: [PATCH] cpumask 5/10 rewrite cpumask.h - single bitmap based implementation"
In reply to: Andi Kleen: "Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2"
Next in thread: Christoph Hellwig: "Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 04, 2004 at 06:13:04PM +0200, Andi Kleen wrote:
> > So instead of having complex things to try to turn NX on for suid, we
> > should aim to turn ot on as widely as possible, _even_if_ that means that
> > people who upgrade hardware might have to do some trivial MIS stuff.
>
> That is what is currently done on x86-64 in the major distributions
> (SUSE,Red Hat) at least.

yep.

> Of course that is only for the stack. Making the heap non executable
> is another can of worms. I don't know if Fedora does that
> too, SUSE and mainline x86-64 doesn't.

Fedora makes the heap non executable too; it only broke X which has it's own
shared library loader (which btw had all the right mprotects in place, just
ifdef'd for freebsd, ia64 and a few other architectures that default to
non-executable heap, so we just added x86(-64) to that)

Greetings,
Arjan van de Ven

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Ian Abbott: "Re: [PATCH] Memory leak in visor.c and ftdi_sio.c"
Previous message: William Lee Irwin III: "Re: [PATCH] cpumask 5/10 rewrite cpumask.h - single bitmap based implementation"
In reply to: Andi Kleen: "Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2"
Next in thread: Christoph Hellwig: "Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]