Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S265872AbUFISCf (ORCPT ); Wed, 9 Jun 2004 14:02:35 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S265875AbUFISCf (ORCPT ); Wed, 9 Jun 2004 14:02:35 -0400 Received: from noc.safeweb.be ([82.138.76.65]:7131 "EHLO safeweb.be") by vger.kernel.org with ESMTP id S265872AbUFISCa (ORCPT ); Wed, 9 Jun 2004 14:02:30 -0400 Subject: RE: WINE + NX (No eXecute) support for x86, 2.6.7-rc2-bk2 From: Evaldo Gardenali To: linux-kernel@vger.kernel.org In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-0LoS7T0r0pgEPR7MR913" Message-Id: <1086804146.2047.29.camel@server1.aguabranca.com.br> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Wed, 09 Jun 2004 15:02:26 -0300 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1820 Lines: 60 --=-0LoS7T0r0pgEPR7MR913 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi there :) Jesper Juhl wrote: > On Tue, 8 Jun 2004, Robert White wrote: >=20 > > I would think that having an easy call to disable the NX modification w= ould be both > > safe and effective. That is, adding a syscall (or whatever) that would= let you mark > > your heap and/or stack executable while leaving the new default as NX, = is "just as > > safe" as flagging the executable in the first place. > > >=20 > Just having the abillity to turn protection off opens the door. If it is indeed! > possible to turn it off then a way will be found to do it - either via > buggy kernel code or otherwhise. Only safe approach is to have it > enabled by default and not be able to turn it off IMHO. if there's a way to turn it off, there's certainly a hole waiting for trouble. This reminds me of the "Safe Level" of NetBSD. want to run X? downgrade your Safe Level (0 by default, can run anything) http://netbsd.gw.com/cgi-bin/man-cgi/man?options+4+NetBSD-current -- look for "options INSECURE" I know there may be some flaws on that concept, but it looks interesting :) Evaldo --=-0LoS7T0r0pgEPR7MR913 Content-Type: application/pgp-signature; name=signature.asc Content-Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQBAx1Cy5121Y+8pAbIRAkN/AJ9+L8nKvJwsadURmhs2nOjiL1hw7gCeJg/f G4dssn04CG+Dc6H43aUmeY0= =pqdu -----END PGP SIGNATURE----- --=-0LoS7T0r0pgEPR7MR913-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/