Gentoo Archives: gentoo-user

From: Walter Dnes <waltdnes@××××××××.org>
To: Gentoo Users List <gentoo-user@l.g.o>
Subject: [gentoo-user] Activating NX-bit on AMD64, solved (I think), and a warning.
Date: Sun, 02 Apr 2006 22:45:49
Message-Id: 20060402223852.GC16754@waltdnes.org
1 A few days ago, I asked how to do it. I stumbled across the answer
2 whilst browsing Google on an entirely different topic. The answer is to
3 add the parameters "noexec=on" and "noexec32=on" to the boot line. I've
4 added it via "append" lines in /etc/lilo.conf
5
6 #
7 # Linux bootable partition config begins
8 #
9 image = /boot/kernel-2.6-production
10 root = /dev/sda1
11 label = Production
12 read-only # read-only for checking
13 append = "noexec=on noexec32=on"
14
15 image = /boot/kernel-2.6-experimental
16 root = /dev/sda1
17 label = Experimental
18 read-only # read-only for checking
19 append = "noexec=on noexec32=on"
20
21 #
22 # Linux bootable partition config ends
23 #
24
25 And now for the unrelated part, and the warning. I was reading up on
26 GRUB, in case I decide to go 64-bit mode in the near future. Apparently,
27 GRUB will *NOT* install if noexec/noexec32 are enabled. You have to
28 turn them off before installing GRUB.
29
30 --
31 Walter Dnes <waltdnes@××××××××.org> In linux /sbin/init is Job #1
32 My musings on technology and security at http://tech_sec.blog.ca
33 --
34 gentoo-user@g.o mailing list