Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S264183AbUFBVOc (ORCPT ); Wed, 2 Jun 2004 17:14:32 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264182AbUFBVOc (ORCPT ); Wed, 2 Jun 2004 17:14:32 -0400 Received: from fw.osdl.org ([65.172.181.6]:33735 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S264184AbUFBVNS (ORCPT ); Wed, 2 Jun 2004 17:13:18 -0400 Date: Wed, 2 Jun 2004 14:13:13 -0700 (PDT) From: Linus Torvalds To: Ingo Molnar cc: linux-kernel@vger.kernel.org, Andrew Morton , Andi Kleen , Arjan van de Ven , "Siddha, Suresh B" , "Nakajima, Jun" Subject: Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2 In-Reply-To: <20040602205025.GA21555@elte.hu> Message-ID: References: <20040602205025.GA21555@elte.hu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 871 Lines: 22 On Wed, 2 Jun 2004, Ingo Molnar wrote: > > If the NX feature is supported by the CPU then the patched kernel turns > on NX and it will enforce userspace executability constraints such as a > no-exec stack and no-exec mmap and data areas. This means less chance > for stack overflows and buffer-overflows to cause exploits. Just out of interest - how many legacy apps are broken by this? I assume it's a non-zero number, but wouldn't mind to be happily surprised. And do we have some way of on a per-process basis say "avoid NX because this old version of Oracle/flash/whatever-binary-thing doesn't run with it"? Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/