Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S265628AbUFDQiY (ORCPT ); Fri, 4 Jun 2004 12:38:24 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S265848AbUFDQiY (ORCPT ); Fri, 4 Jun 2004 12:38:24 -0400 Received: from mx1.redhat.com ([66.187.233.31]:6832 "EHLO mx1.redhat.com") by vger.kernel.org with ESMTP id S265628AbUFDQiW (ORCPT ); Fri, 4 Jun 2004 12:38:22 -0400 Date: Fri, 4 Jun 2004 18:37:54 +0200 From: Arjan van de Ven To: Andi Kleen Cc: Linus Torvalds , luto@myrealbox.com, mingo@elte.hu, linux-kernel@vger.kernel.org, akpm@osdl.org, suresh.b.siddha@intel.com, jun.nakajima@intel.com Subject: Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2 Message-ID: <20040604163753.GN16897@devserv.devel.redhat.com> References: <20040602205025.GA21555@elte.hu> <20040603230834.GF868@wotan.suse.de> <20040604092552.GA11034@elte.hu> <200406040826.15427.luto@myrealbox.com> <20040604154142.GF16897@devserv.devel.redhat.com> <20040604155138.GG16897@devserv.devel.redhat.com> <20040604181304.325000cb.ak@suse.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="RXc6EO4W1yUvSQ0X" Content-Disposition: inline In-Reply-To: <20040604181304.325000cb.ak@suse.de> User-Agent: Mutt/1.4.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1517 Lines: 45 --RXc6EO4W1yUvSQ0X Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Jun 04, 2004 at 06:13:04PM +0200, Andi Kleen wrote: > > So instead of having complex things to try to turn NX on for suid, we > > should aim to turn ot on as widely as possible, _even_if_ that means that > > people who upgrade hardware might have to do some trivial MIS stuff. > > That is what is currently done on x86-64 in the major distributions > (SUSE,Red Hat) at least. yep. > Of course that is only for the stack. Making the heap non executable > is another can of worms. I don't know if Fedora does that > too, SUSE and mainline x86-64 doesn't. Fedora makes the heap non executable too; it only broke X which has it's own shared library loader (which btw had all the right mprotects in place, just ifdef'd for freebsd, ia64 and a few other architectures that default to non-executable heap, so we just added x86(-64) to that) Greetings, Arjan van de Ven --RXc6EO4W1yUvSQ0X Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAwKVhxULwo51rQBIRAt+vAJwIvs+LDaMe4+cMm4mdjwWm/0VNGwCgp/sF Znz8rMbJPGB3hmpvOpczZuI= =3Lc5 -----END PGP SIGNATURE----- --RXc6EO4W1yUvSQ0X-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/