On 3/27/06, Hemmann, Volker Armin <[EMAIL PROTECTED]> wrote: > On Monday 27 March 2006 07:57, Richard Fish wrote: > > On 3/26/06, Walter Dnes <[EMAIL PROTECTED]> wrote: > > > The subject says it all. I've done some spelunking through > > > /usr/src/linux/.config, and I don't see anything relavant. > > > > It's enabled by default. If you don't want it, you need to boot with > > the "noexec=off" kernel option. > > > > on AMD64, but x86 doesn't have the NX bit, so a hardened kernel might be the > best solution.
No, current intel processors support the NX bit also: flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx pni monitor vmx est tm2 xtpr And if you look at the noexec_setup function in arch/i386/mm/init.c, you will see that it does not require AMD64. But I agree that PAE is the necessary option if your processor is too old and does not support the NX bit. Sorry I did not mention that. -Richard -- [email protected] mailing list
