Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2

[Ingo Molnar]

* Suresh Siddha <suresh.b.siddha@xxxxxxxxx> wrote:

> On Thursday 03 June 2004 13:37, Andi Kleen wrote:
> > > What do you mean by "in the future"? on x86, with the current no execute 
> > > patch, malloc() will be non-exec
> > 
> > On x86-64 the heap is executable right now at least.
> 
> oh! I see. Looks like only Ingo's exec-shield patch is doing that.

yep. The patch also detaches the brk area from the binary's image and
bss, and randomizes it. (this isolates them better and makes it harder
to overflow between these sections.)

For the segment-limit method on non-NX CPUs a non-executable brk (heap,
malloc() space) has another significance: since it must be above the
binary image [there's simply not enough brk space below the binary], the
CS segment limit does not cover the binary's .data/bss sections - hence
that is non-executable as well. [for NX there's no difference - the
.data/bss sections are non-executable.]

but for the mainstream kernel the most important step would be to make
brk non-executable.

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/