| 1 |
On 11 Jan 2007 at 12:42, Philipp Riegger wrote: |
| 2 |
|
| 3 |
> I found a tutorial and some pages explaining how to use it and that |
| 4 |
> the kernel should print something like "NX is enabled now", i |
| 5 |
> followed the steps (basically enabling up to 64 GB RAM in the kernel, |
| 6 |
> if i remember correctly, it was on the wikpedia page about NX and on |
| 7 |
> some redhat page) but i never got the kernel message (dmesg | grep Nx |
| 8 |
> should show it to me, shouldn't it?). |
| 9 |
|
| 10 |
indeed, the kernel message should be: |
| 11 |
|
| 12 |
NX (Execute Disable) protection: active |
| 13 |
|
| 14 |
do you get it if you boot with noexec=on? |
| 15 |
|
| 16 |
> Maybe i understood something wron, because it is quite |
| 17 |
> confusing when hardware NX and when software NX is used and who |
| 18 |
> enables that in the programs (for example, do i have to use special |
| 19 |
> compiler flags? Does the programmer of some application has to take |
| 20 |
> care of anything?). |
| 21 |
|
| 22 |
the NX feature is ultimately controlled by the kernel, so first you |
| 23 |
have to run one that knows how to do it (based on the NX bit or |
| 24 |
something else). next, most NX implementations give you per-app control |
| 25 |
over it as well, that happens to be quite messy under linux thanks |
| 26 |
to some badly thought out features (GNU_STACK & co). on gentoo you |
| 27 |
should be fine as you probably have gcc 3.3+. |
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-hardened@g.o mailing list |
Archives