From linux-kernel Thu Jun 10 18:07:47 2004 From: Stefanos Harhalakis Date: Thu, 10 Jun 2004 18:07:47 +0000 To: linux-kernel Subject: Re: WINE + NX (No eXecute) support for x86, 2.6.7-rc2-bk2 Message-Id: <200406102107.53776.v13 () priest ! com> X-MARC-Message: https://marc.info/?l=linux-kernel&m=108689115806922 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--Boundary-02=_5NKyAsO9f+4FU9e" --Boundary-02=_5NKyAsO9f+4FU9e Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline On Wednesday 09 June 2004 20:14, Jesper Juhl wrote: > On Tue, 8 Jun 2004, Robert White wrote: > > I would think that having an easy call to disable the NX modification > > would be both safe and effective. That is, adding a syscall (or > > whatever) that would let you mark your heap and/or stack executable while > > leaving the new default as NX, is "just as safe" as flagging the > > executable in the first place. > > Just having the abillity to turn protection off opens the door. If it is > possible to turn it off then a way will be found to do it - either via > buggy kernel code or otherwhise. Only safe approach is to have it > enabled by default and not be able to turn it off IMHO. What about turning it on and don't be able to turn it off again? > Jesper Juhl <> --Boundary-02=_5NKyAsO9f+4FU9e Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBAyKN5VEjwdyuhmSoRAqM/AJ0cSIff3VeSwOr9KqeFNU8oPceMeACcDZQ+ uKN642U36N9fG/ENTtbXh9s= =lpZ/ -----END PGP SIGNATURE----- --Boundary-02=_5NKyAsO9f+4FU9e-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/