1 |
René Rhéaume wrote: |
2 |
> On Fri, Jan 23, 2009 at 11:45 AM, Grant <emailgrant@×××××.com> wrote: |
3 |
>> Very close. PAGEEXEC is enabled, but so is SEGMEXEC. My CPU is a |
4 |
>> P4-2.8, and I'm not sure about NX support but these are the flags: |
5 |
>> |
6 |
>> fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 |
7 |
>> clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc pebs bts |
8 |
>> pni monitor ds_cpl cid xtpr |
9 |
> |
10 |
> There is no "nx" in your cpuinfo flags. Therefore, your P4 does not |
11 |
> have the hardware NX bit (or XD bit in Intel wording) |
12 |
|
13 |
Hi all! |
14 |
|
15 |
I've been following this discussion a little bit. I do have a Pentium D |
16 |
processor which do have the "nx" flag available. |
17 |
|
18 |
I see I do have CONFIG_PAX_PAGEEXEC=y in the kernel config, but I do also |
19 |
see that all non-kernel processes do have peMRS in the PAX flags when |
20 |
checking with the pspax command. |
21 |
|
22 |
Should I strive to get the PAGEEXEC flag set on all processes, or should I |
23 |
not? |
24 |
|
25 |
Another thing ... I do not quite understand why processes are listed with |
26 |
peMRS when paxctl says something a little bit different. An example: |
27 |
|
28 |
pspax: |
29 |
root 11864 peMRS w^x ET_EXEC openvpn =ep cap_setpcap-ep |
30 |
|
31 |
paxctl -v /usr/sbin/openvpn: |
32 |
- PaX flags: -------x-e-- [/usr/sbin/openvpn] |
33 |
RANDEXEC is disabled |
34 |
EMUTRAMP is disabled |
35 |
|
36 |
I've scanned through the whole system with "qlist -ao|scanelf -f - -q -x" |
37 |
and can't say I find anything here which is of concern, it only finds |
38 |
those paxtest files in /usr/lib/paxtest ... so everything should be |
39 |
default on the file level. |
40 |
|
41 |
I was of that understanding that my current setup would give PAGEEXEC as |
42 |
default. |
43 |
|
44 |
|
45 |
kind regards, |
46 |
|
47 |
David Sommerseth |