| 1 |
On 24/10/2007, Adam James <atj@××××××××××××××.uk> wrote: |
| 2 |
> On Wed, 24 Oct 2007 17:12:50 +0530 |
| 3 |
> widyachacra <widyachacra@×××××.com> wrote: |
| 4 |
> |
| 5 |
> > How to enable Enhanced Virus Protection(EVP) on linux? |
| 6 |
> |
| 7 |
> EVP is a bullshit marketing term for AMDs implementation of the Non |
| 8 |
> eXecute (NX) bit. |
| 9 |
> |
| 10 |
> See http://en.wikipedia.org/wiki/NX_bit#Linux for more information on |
| 11 |
> Linux support. |
| 12 |
|
| 13 |
Further, note that Hardened Gentoo is the way to go for full PaX |
| 14 |
support. That said, one can use the hardened-sources kernel without |
| 15 |
having built a system based upon a hardened stageball and toolchain, |
| 16 |
but it's less effective without a PIE userland. For further |
| 17 |
information: |
| 18 |
|
| 19 |
http://www.gentoo.org/proj/en/hardened/primer.xml |
| 20 |
|
| 21 |
I'd also like to add that the NX bit is supported by PaX to enforce |
| 22 |
W^X memory protection with no overhead but _only_ when running amd64. |
| 23 |
On x86 installations, the NX bit is not used by PaX, even if the |
| 24 |
processor supports it. |
| 25 |
|
| 26 |
Regards, |
| 27 |
|
| 28 |
--Kerin |
| 29 |
-- |
| 30 |
gentoo-server@g.o mailing list |
Archives