Hi,
Today, on current Linux kernel, is there any interest using PAGEEXEC or SEGMEXEC if PAE is enabled ?
If I look at the patch, almost each time, the pattern looks like that:
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
+ if (!nx_enabled && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) {
If my understanding is correct, nx_enabled is true if the kernel (and the CPU) supports PAE, or running in AMD64/EM64T mode. Right?
Do I miss any protection by not setting this specific option?
usefulness of PaX PAGEEXEC/SEGMEXEC when PAE enabled
2 posts
• Page 1 of 1
usefulness of PaX PAGEEXEC/SEGMEXEC when PAE enabled
by nbareil » Wed Dec 30, 2009 6:23 am
- nbareil
- Posts: 3
- Joined: Tue May 27, 2003 8:19 am
Re: usefulness of PaX PAGEEXEC/SEGMEXEC when PAE enabled
by PaX Team » Wed Dec 30, 2009 12:42 pm
PAGEEXEC is a config time selector for more code than mere non-exec pages, it also covers special reporting code, changing default access rights, etc, it's also a prerequisite for MPROTECT and others. on x86 it has fortunately little to do as far as actual NX bit usage goes and that also means that those users can omit SEGMEXEC as well. however for generic kernels that will run on a diverse set of CPUs you probably want to enable both and let the kernel choose the best one at runtime.nbareil wrote:Today, on current Linux kernel, is there any interest using PAGEEXEC or SEGMEXEC if PAE is enabled ?
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
2 posts
• Page 1 of 1