Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2
From: Ingo Molnar
Date: Fri Jun 04 2004 - 11:12:25 EST
* Linus Torvalds <torvalds@xxxxxxxx> wrote:
> I think we should just look at the executable itself, not whether it
> is suid. If the executable says it is "NX-approved", then it's
> NX-approved. End of story - just try to make sure that as many
> executables as possible get compiled with the newer compiler suite
> that enables it.
right now the 'x' bit in the PT_GNU_STACK ELF program header has the
narrow meaning of specifying the stack's executability. How should we
handle the brk area's executability? A good portion of recent attacks
came over heap overflows.
we could use the following 3 values:
PT_GNU_STACK not present: legacy app, stack and heap executable
PT_GNU_STACK present but !X: heap non-executable, stack executable
PT_GNU_STACK present and X: both heap and stack are executable.
this method is what is used in Fedora and it works pretty well.
(in fact Fedora also does VM-layout changes to get more brk/mmap space
on x86 and to put executable code close to each other - this too is
turned off if PT_GNU_STACK is not present.)
Ingo
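The three-way PT_GNU_STACK check that the message above describes, as an added example that is not code from the original thread, Fedora, or the kernel patch: a small ELF64 program-header walker that reports whether PT_GNU_STACK is absent, present without PF_X, or present with PF_X, and refuses an image whose e_phoff/e_phnum point outside the file. The struct layouts and constants are written out by hand rather than taken from <elf.h>, the sample images are constructed in memory (not real binaries), and the code assumes a little-endian host reading little-endian x86-64 files; the names classify_elf64, build_image and self_test are this example's own.

```c
/* Added example (not from the original message): classify an ELF64 image
 * by its PT_GNU_STACK program header. Layouts and constants are spelled out
 * here instead of including <elf.h>; little-endian host and file assumed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PT_GNU_STACK_TYPE 0x6474e550u   /* PT_LOOS + 0x474e550 */
#define PF_X_FLAG         0x1u          /* segment flag bit: executable */

typedef struct {                        /* same layout/size (64) as Elf64_Ehdr */
    unsigned char e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr64;
typedef struct {                        /* same layout/size (56) as Elf64_Phdr */
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} phdr64;

/* The three cases from the message, plus a rejection code for bad images.
 * What each case means for stack/heap is the loader's policy; the message
 * lists: absent = legacy (stack and heap executable), present = governed by X. */
enum stack_policy {
    POLICY_BAD_IMAGE  = -1, /* not ELF64/LSB, or program headers outside the buffer */
    POLICY_LEGACY     = 0,  /* PT_GNU_STACK not present */
    POLICY_PRESENT_NX = 1,  /* PT_GNU_STACK present, PF_X clear */
    POLICY_PRESENT_X  = 2   /* PT_GNU_STACK present, PF_X set */
};

enum stack_policy classify_elf64(const unsigned char *buf, size_t len)
{
    ehdr64 eh;
    if (len < sizeof eh) return POLICY_BAD_IMAGE;
    memcpy(&eh, buf, sizeof eh);                       /* no unaligned loads */
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0) return POLICY_BAD_IMAGE;
    if (eh.e_ident[4] != 2 || eh.e_ident[5] != 1)      /* ELFCLASS64, ELFDATA2LSB */
        return POLICY_BAD_IMAGE;
    if (eh.e_phentsize != sizeof(phdr64)) return POLICY_BAD_IMAGE;
    /* Never trust e_phoff/e_phnum: the table must lie entirely inside the file. */
    if (eh.e_phoff > len ||
        (uint64_t)eh.e_phnum * sizeof(phdr64) > len - eh.e_phoff)
        return POLICY_BAD_IMAGE;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        phdr64 ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK_TYPE)
            return (ph.p_flags & PF_X_FLAG) ? POLICY_PRESENT_X : POLICY_PRESENT_NX;
    }
    return POLICY_LEGACY;                              /* no PT_GNU_STACK at all */
}

/* Constructed sample image (not a real binary): an ELF64 header, one PT_LOAD,
 * and optionally a PT_GNU_STACK with the given flags. Returns bytes written. */
size_t build_image(unsigned char *out, size_t cap, int with_gnu_stack, uint32_t stack_flags)
{
    ehdr64 eh; phdr64 ph[2];
    size_t nph = with_gnu_stack ? 2 : 1, need = sizeof eh + nph * sizeof(phdr64);
    if (cap < need) return 0;
    memset(&eh, 0, sizeof eh); memset(ph, 0, sizeof ph);
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1; /* 64-bit, LSB, EV_CURRENT */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;      /* ET_EXEC, EM_X86_64 */
    eh.e_ehsize = sizeof eh; eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof(phdr64); eh.e_phnum = (uint16_t)nph;
    ph[0].p_type = 1; ph[0].p_flags = 5; ph[0].p_align = 0x1000;   /* PT_LOAD, R+X */
    ph[1].p_type = PT_GNU_STACK_TYPE; ph[1].p_flags = stack_flags; ph[1].p_align = 16;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, ph, nph * sizeof(phdr64));
    return need;
}

/* Exercise all three cases plus a truncated image; returns 0 when all pass. */
int self_test(void)
{
    unsigned char buf[256]; size_t n;
    n = build_image(buf, sizeof buf, 0, 0);
    if (classify_elf64(buf, n) != POLICY_LEGACY) return 1;
    n = build_image(buf, sizeof buf, 1, 6);            /* PF_R|PF_W: "RW" in readelf */
    if (classify_elf64(buf, n) != POLICY_PRESENT_NX) return 2;
    n = build_image(buf, sizeof buf, 1, 7);            /* PF_R|PF_W|PF_X: "RWE" */
    if (classify_elf64(buf, n) != POLICY_PRESENT_X) return 3;
    if (classify_elf64(buf, 100) != POLICY_BAD_IMAGE) return 4; /* table past EOF */
    return 0;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "legacy (no PT_GNU_STACK)", "PT_GNU_STACK, no X", "PT_GNU_STACK, X" };
    if (argc < 2) { printf("self-test: %s\n", self_test() == 0 ? "ok" : "FAILED"); return 0; }
    FILE *f = fopen(argv[1], "rb"); if (!f) { perror(argv[1]); return 1; }
    unsigned char *buf = malloc(1 << 20); size_t len = buf ? fread(buf, 1, 1 << 20, f) : 0;
    fclose(f);
    enum stack_policy p = classify_elf64(buf, len); free(buf);
    if (p == POLICY_BAD_IMAGE) { fprintf(stderr, "%s: not a usable ELF64 image\n", argv[1]); return 1; }
    printf("%s: %s\n", argv[1], names[p]);
    return 0;
}
```

Run it with no argument for the built-in cases, or with a path (the first 1 MiB of the file covers the program header table of any normal binary). The same information is what `readelf -lW <file>` prints as the `GNU_STACK` row with flags `RW` or `RWE`; the point of the hand-written walker is the bounds check on e_phoff/e_phnum, which a loader must do before reading a header that an attacker controls.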