NX bit broken on 32-bit

John Richard Moser nigelenki at comcast.net
Sat Dec 9 20:10:42 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems the NX bit doesn't work on 32-bit Ubuntu, as per bug #75157

https://bugs.launchpad.net/distros/ubuntu/+bug/75157

Apparently, the requirement for this is PAE; which in turn means 64G
high memory support.

On newer 32-bit and 64-bit systems, the NX bit presents a way to
properly enforce non-executable memory.  This allows the stack, heap,
program and library data, and anonymous mappings to be non-executable,
even in 32-bit mode.  Doing this helps keep memory in a safe state and
prevent the exploitation of security vulnerabilites triggered by buffer
overflows and double-free()s.

Apparently, Ubuntu hasn't had this for quite a while.  I tested as far
back as Dapper; no such luck.  Bugs #49192 and #49283 specifically fix
non-executable stacks to enhance security; apparently these fixes are
wholly ineffective at this time.

In order to take advantage of the security improvements offered by the
NX bit in modern computers, the x86 generic kernel needs to have PAE
enabled.  Without this, users are being left more open to attacks from
unpatched vulnerabilities.

- --
    We will enslave their women, eat their children and rape their
    cattle!
                  -- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBRXsYQAs1xW0HCTEFAQKMmQ/+NV5D/zAmq1pJQkcu6QD5ozuaG06hNt8m
10WKBS72eLTOfUpWAf2gVNykZcmzfjniXAjqAnZHYd73U/oSZb6IVbP7k5RNpJ1O
X85lHeqwlfh3ZEUkxTxaTLEOMcbhms8kzr3tC75XkDQsc53f+y3lvWriJD5HVkE+
3Xdx3q/SXdJcxINaFtCaT/KtKigecENSW5fcgWSFrc2dPof45uR0MAM1EXcnhDcg
ouXPt4Y2PMUOtdfRQFQFlDhHHub1Dfd/K4ZusexJR1U7xybOgXkYvYZlYh5gYK85
pmu+T0Zzk5YYersL+QI8BVlBlajeldBL5Cu/r/z3iUAvtcPlCBLoEEnqyaqO84SP
R9uWwXLDqXHLzJrdOfSFHsONItSCmEdyXkKkT3D95phhwFbughxPPuRdDXINR8xq
3X6LjWZP9LvSPeW0s6Us9Dd3g9Tgdd1Wpr67MMngOFd4C/yZGKWdKo/kYGIbU+7m
+Ya6vzfruAes0wH+hlnZ37y/DENT8ZM3hWEFg0303pBPW/WAW3Jd4L1u/WzBSzWA
BoOvGN6waBVA1XldnrVT1VSt4DaNYM95pcufvNG0g6zTMk6qPdavRazQJlbXRzDt
d/IwD9wAdTLglyUBW2hXDwum8Ntzh5o/DXZ7ad47yCBM2NaVUIZkTD/crymyNDLO
w4rYts+cMuI=
=LrXM
-----END PGP SIGNATURE-----




More information about the ubuntu-users mailing list