Date: Thu, 3 Jun 2004 17:54:22 +0200
From: Andi Kleen <ak@suse.de>
To: Ingo Molnar <mingo@elte.hu>
Cc: torvalds@osdl.org, linux-kernel@vger.kernel.org, akpm@osdl.org,
       arjanv@redhat.com, suresh.b.siddha@intel.com, jun.nakajima@intel.com
Subject: Re: [announce] [patch] NX (No eXecute) support for x86,
 2.6.7-rc2-bk2
Message-Id: <20040603175422.4378d901.ak@suse.de>
In-Reply-To: <20040603124448.GA28775@elte.hu>
References: <20040602205025.GA21555@elte.hu>
	<Pine.LNX.4.58.0406021411030.3403@ppc970.osdl.org>
	<20040603072146.GA14441@elte.hu>
	<20040603124448.GA28775@elte.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 903
Lines: 24

On Thu, 3 Jun 2004 14:44:48 +0200
Ingo Molnar <mingo@elte.hu> wrote:


> - in exec.c, since address-space executability is a security-relevant
> item, we must clear the personality when we exec a setuid binary. I
> believe this is also a (small) security robustness fix for current
> 64-bit architectures.

I'm not sure I like that. This means I cannot earily force an i386 uname 
or 3GB address space on suid programs anymore on x86-64.

While in theory it could be a small security problem I think the utility
is much greater.

It's hard to see how setting NX could cause a security hole. The program
may crash, but it is unlikely to be exploitable.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/