check-bios-nx
Neal McBurnett
neal at bcn.boulder.co.us
Tue May 11 03:24:32 UTC 2010
On Mon, May 10, 2010 at 10:57:04PM -0400, Jim Tarvid wrote:
> Fascinating in a perverse way. The NX (no execute bit) is a tacit concession
> that Von Neumann architecture is a mistake. Not sure how much performance is
> lost by using it and even less sure if anybody actually uses it. It may be
> called something else in the BIOS (perhaps data protection or enhanced virus
> protection). http://kerneltrap.org/node/3240
<snip>
> I suspect this discussion is academic since Intel's support of the NX bit has
> not been consistent, which could lead to a coding nightmare.
>
> I've put this conversation back on the ubuntu-server list, perhaps someone else
> has wisdom.
<snip>
Well, Ubuntu's Security Team lead, Kees Cook, thinks the NX protection
in Ubuntu is the most important of the many safeguards we have:

https://wiki.ubuntu.com/MeetingLogs/openweekLucid/ProactiveSecurity

(03:55:33 PM) ClassBot: nealmcb asked: do you have any way of knowing
which features matter the most in the wild?
(03:55:45 PM) kees: yes. NX is without a doubt, #1.
(03:56:17 PM) kees: there are tons of logic mistakes in webservers and
scripts, but NX will block a lot of further escalation

https://wiki.ubuntu.com/Security/Features

see this for details on the demo:
http://people.canonical.com/~kees/demo/

Cheers,
Neal McBurnett http://neal.mcburnett.org/