On Friday 01 August 2008 03:56:49 Jan Dvorak wrote: > On Thursday 31 July 2008 17:12:31 Valter Douglas Jr. wrote: > > Aside 64 bits system has more bugs than 32, it could > > be a good candidate to not have throubles (except when you mix it with > > Xen, nasty thing). [talking about PaX] > > Can you go more into details? Of course. Like PaX is a kernel patch and does not depend (entirely) by user space recompilation, it flows its securitiy tricks very softly on the system. Of course, there are applications (In top of my head by now, X and Java) that rely some memory behaviour, which cause PaX to bring it down of memory. But, paxutils can overcome this removing it from system checks.
I always heard that 64bits system has unstable issues, I not test it personally, but I thing it's a matter of time of adjusting the new systems. Really, all new machines have 64bits CPU, we do not use all power on it! But like you say, the authors claims it function really well on 64bits. But the same has been saying that 2.6.x patches can be broken because it's in test yet. The only thing we can make is test it. NOTE: I question myself, when will they admit that PaX is stable on 2.6.x? I cannot use 2.4.x kernels because new drivers is only added to 2.6.x, and I guess other peoples (include all participants of LFS projects) use 2.6 kernels. Almost all major distros has 2.6.x kernels too. :-) > I only found some information about > potential problems on non-hardware-emulated systems. I don't plan on > using Xen, but the main reason I'm going for x86_64 HLFS is KVM/QEMU with >4G memory and ability to run x86_64 guests. The big problem is the patching, Xen patchs modify heavely some parts of the kernel, and one of this parts is heavely modified by PaX. I try for two weeks to merge both patches on Kernel 2.6.18 without success (I'm not a kernel hacker, yet), I can not just make it compile. I'll try to mix it again using a 2.6.26.x kernel like a DOMU with the PaX patches. QEMU, Virtual Box and other user space virtualization have less chance to generate bugs. I try to compile and run a LFS on QEMU long time ago, like the system is a 32bits and very basic I was sucefull. KVM is hardware depent (I know, the 2.6.26.x KVM have paravirtualization, but it's a very new thing on it and not well tested) and I don't tested it yet. All modern CPU has the NX bit, try to google about it and kernel. PaX has a perform improvement on PAGE_EXEC protection if it uses NX. -- Valter Douglas Lisbôa Jr. Sócio-Diretor Trenix - IT Solutions "Nossas Idéias, suas Soluções!" www.trenix.com.br [EMAIL PROTECTED] Tel. +55 19 3402.2957 Cel. +55 19 9183.4244 -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
