RE: WINE + NX (No eXecute) support for x86, 2.6.7-rc2-bk2

[Evaldo Gardenali]

Hi there :)

Jesper Juhl wrote:
> On Tue, 8 Jun 2004, Robert White wrote:
> 
> > I would think that having an easy call to disable the NX modification would be both
> > safe and effective.  That is, adding a syscall (or whatever) that would let you mark
> > your heap and/or stack executable while leaving the new default as NX, is "just as
> > safe" as flagging the executable in the first place.
> >
> 
> Just having the abillity to turn protection off opens the door. If it is

indeed!

> possible to turn it off then a way will be found to do it - either via
> buggy kernel code or otherwhise. Only safe approach is to have it
> enabled by default and not be able to turn it off IMHO.

if there's a way to turn it off, there's certainly a hole waiting for
trouble.

This reminds me of the "Safe Level" of NetBSD. want to run X? downgrade
your Safe Level (0 by default, can run anything)
http://netbsd.gw.com/cgi-bin/man-cgi/man?options+4+NetBSD-current --
look for "options INSECURE"
I know there may be some flaws on that concept, but it looks interesting
:)

Evaldo

Attachment: signature.asc
Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagemassinada digitalmente