1 |
On 11 Jan 2007 at 12:42, Philipp Riegger wrote: |
2 |
|
3 |
> I found a tutorial and some pages explaining how to use it and that |
4 |
> the kernel should print something like "NX is enabled now", i |
5 |
> followed the steps (basically enabling up to 64 GB RAM in the kernel, |
6 |
> if i remember correctly, it was on the wikpedia page about NX and on |
7 |
> some redhat page) but i never got the kernel message (dmesg | grep Nx |
8 |
> should show it to me, shouldn't it?). |
9 |
|
10 |
indeed, the kernel message should be: |
11 |
|
12 |
NX (Execute Disable) protection: active |
13 |
|
14 |
do you get it if you boot with noexec=on? |
15 |
|
16 |
> Maybe i understood something wron, because it is quite |
17 |
> confusing when hardware NX and when software NX is used and who |
18 |
> enables that in the programs (for example, do i have to use special |
19 |
> compiler flags? Does the programmer of some application has to take |
20 |
> care of anything?). |
21 |
|
22 |
the NX feature is ultimately controlled by the kernel, so first you |
23 |
have to run one that knows how to do it (based on the NX bit or |
24 |
something else). next, most NX implementations give you per-app control |
25 |
over it as well, that happens to be quite messy under linux thanks |
26 |
to some badly thought out features (GNU_STACK & co). on gentoo you |
27 |
should be fine as you probably have gcc 3.3+. |
28 |
|
29 |
-- |
30 |
gentoo-hardened@g.o mailing list |