NX bit broken on 32-bit

John Richard Moser nigelenki at comcast.net
Sat Dec 9 20:25:50 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  [Re-posting then, since apparently the target list moved]

It seems the NX bit doesn't work on 32-bit Ubuntu, as per bug #75157

https://bugs.launchpad.net/distros/ubuntu/+bug/75157

Apparently, the requirement for this is PAE; which in turn means 64G
high memory support.

On newer 32-bit and 64-bit systems, the NX bit presents a way to
properly enforce non-executable memory.  This allows the stack, heap,
program and library data, and anonymous mappings to be non-executable,
even in 32-bit mode.  Doing this helps keep memory in a safe state and
prevent the exploitation of security vulnerabilites triggered by buffer
overflows and double-free()s.

Apparently, Ubuntu hasn't had this for quite a while.  I tested as far
back as Dapper; no such luck.  Bugs #49192 and #49283 specifically fix
non-executable stacks to enhance security; apparently these fixes are
wholly ineffective at this time.

In order to take advantage of the security improvements offered by the
NX bit in modern computers, the x86 generic kernel needs to have PAE
enabled.  Without this, users are being left more open to attacks from
unpatched vulnerabilities.

- --
    We will enslave their women, eat their children and rape their
    cattle!
                  -- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBRXsbzQs1xW0HCTEFAQIXcg//ZI1Bk0jzMYk1GRibRhzY4XgCgb2/jj6f
g/61wbQgvOLw4GbQpTh0kRf4Bkn1zTAxTHP7iHdGIIsqDDkAhTTcKrvloGLP8IN/
WDBhYvsiOufYpMA9FbMVW1gwNU5lv/vGIoHph8W8OcFcQK8IGBZVfelO+Nq9F1yJ
CmhoGFfK1+3bdqtLDMVQV9USaOoUfMExwoS27i+ijCauYShB9szxDeY8DqAD+99N
7Y/4+WrKaaM1vAESu+AuDS/Dv4Yy+2bLJZhFsa2E7JfCaCowiXHchS3h91Ju8vx/
BpER+jbXa6sFOLRBhG6ONri0NomuZrQgu4RB7IyvHAcEB/xn9OAIiG8LwyNohf5i
jZTHjWtFu+kNJjp2aPKL1GvhJH8i8xhfbBxMh++M6nbZWy2c79JowRBFJKF3TA/s
lbWXVNsJyT37SfAr+Lm7OyR2rgdWEXrS+zItlGTRAh4+g4XyaCmlvv28wiAK1l9z
C0/DUOQm4ce1dV6gYv0tutWzXoJQGEjpj/gx7Cc1K79qZsK22fBk55m0ckEnaJl0
j+1vvRNiKwQ26x/PItXT2qXg39g5y7vjAbVJyQC2ev+iZBp1/ZwI92RyQA26NaFj
uKNwGrio59QOFoL1Nku9Q2/7ifB87c5xKNBUNJJzjH+AQ9j/L2n/08SJF87K444Y
hmtkgY0U0Oo=
=yKRb
-----END PGP SIGNATURE-----

More information about the Ubuntu-devel-discuss mailing list