Re: [announce] [patch] NX (No eXecute) support for x86,2.6.7-rc2-bk2

From: Andi Kleen
Date: Thu Jun 03 2004 - 11:02:56 EST


On Thu, 3 Jun 2004 14:44:48 +0200
Ingo Molnar <mingo@xxxxxxx> wrote:


> - in exec.c, since address-space executability is a security-relevant
> item, we must clear the personality when we exec a setuid binary. I
> believe this is also a (small) security robustness fix for current
> 64-bit architectures.

I'm not sure I like that. This means I cannot earily force an i386 uname
or 3GB address space on suid programs anymore on x86-64.

While in theory it could be a small security problem I think the utility
is much greater.

It's hard to see how setting NX could cause a security hole. The program
may crash, but it is unlikely to be exploitable.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/