[ubuntu-hardened] NX bit and generic-pae kernel.
Kees Cook
kees at ubuntu.com
Sun Apr 7 01:32:45 UTC 2013
On Sat, Apr 06, 2013 at 10:16:52PM +0200, Daniel Curtis wrote:
> It seems, that everything is fine. After installing the generic-pae
> kernel, system boots normally and for now I do not see any problems.
> uname command shows the correct result and most important part;
> in log files, I can find correct informations about NX bit. Now
> everything is okay;
>
> *NX (Execute Disable) protection: active*
>
> By the way; what really gives NX protection, when is enabled?
> I know, that there is a great site about Ubuntu Security Features,
> but I would like to know something more.
NX is a CPU feature, but the OS must be configured to take advantage of it.
Booting with the PAE kernel gets you that. (And 64-bit is always PAE.)
http://en.wikipedia.org/wiki/NX_bit#Hardware_background
-Kees
--
Kees Cook
More information about the ubuntu-hardened
mailing list