Linux finally gets its NX support
- Thread starter n0cmonkey
- Start date
If NX is basically the same as per page execution permissions present in SPARC/SPARC64 hardware, I've got 5. 
Originally posted by: n0cmonkey
Linux had PaX, which does that.
Ithought PaX used a stack canary?
Non eXecutable. It lets you make parts of memory non-executable. Usually, you make the stack NX, and sometimes you make the heap NX. The simplest class of buffer overflow exploits work by putting exploit code on the stack and running it, so when your stack is NX, the program just crashes. It turns the vast majority of exploits into "denial of service" attacks, where without NX, they'd be "arbitrary code execution" attacks. With a nonexecutable stack, Code Red could never have propagated.
I'm not sure how anyone can break it down anymore....
It makes it so that code in memory can't be executed. If code in the memory can't be executed, buffer over flows, the most common form of security vulnerability these days, are impossible.
Originally posted by: Gobadgrs
Perfect
No, buffer overflows still occur, but unless they are even-more-specially crafted, they cause the program to just crash. If they are extra-specially-crafted, you can still take advantage of many buffer overflows - it's just a little more difficult. linus's explanation of getting around NX
Originally posted by: CTho9305
Originally posted by: Gobadgrs
Perfect
No, buffer overflows still occur, but unless they are even-more-specially crafted, they cause the program to just crash. If they are extra-specially-crafted, you can still take advantage of many buffer overflows - it's just a little more difficult. linus's explanation of getting around NX
Ok, so my simplification was off.
I'm hoping sp2 supports it well. Pretty much every x86 consumer company out there is throwing this feature in. The more software that supports it the better.
It's just another barrier. Security is a layered thing, each level is flawed and penetrable, but together they make a system secure as it needs to be.
LSM and SELinux have flaws, but make life difficult for crackers. You can use a program to break out of chroot jails. Gsecurity is flawed, as is PaX in it's own way. The NX is a hardware level device so the computer doesn't execute code that isn't ment to be executed in the first place. Firewalls can be broken, and besides buffer overflows there are a plethera of other security problems in software that can be exploited.
Buffer overflows are popular right now because they are easy to find (require not much skill to find) and are sometimes exploitable and often by remote means. It's kinda like a fad, just because MS made it's OS so easily crackable by these means.
But by combining all this then you can get something realy secure.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 21K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 14K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter