Date: Sun, 24 Aug 2008 02:41:02 +0200 From: "Ivan Voras" <ivoras@freebsd.org> To: "Matthew Macy" <mat.macy@gmail.com> Cc: freebsd-arch@freebsd.org Subject: Re: FreeBSD and DEP aka "NX bit"? Message-ID: <9bbcef730808231741o5e765f3bh546475b28fe51f9b@mail.gmail.com> In-Reply-To: <3c1674c90808231713x47e42de5oa9fc2f2f244d2e74@mail.gmail.com> References: <g8q8i5$s9g$2@ger.gmane.org> <3c1674c90808231713x47e42de5oa9fc2f2f244d2e74@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2008/8/24 Matthew Macy <mat.macy@gmail.com>: > On Sat, Aug 23, 2008 at 5:04 PM, Ivan Voras <ivoras@freebsd.org> wrote: >> I stumbled upon this Wikipedia page: >> http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Security_features >> and it mentions NX bit is supported in FreeBSD. Is this true? Is it >> enabled by default? > > Yes. However, it is in the upper word so it only works with PAE or > amd64. "jemalloc" maps the heap NX and thread stacks are mapped NX. > The default process stack currently needs to be executable because > sigcode is placed at the start of the stack at the time of process > creation. Thanks! How useful is it without protecting the default stack? IIRC wasn't stack protection one of the main (marketed) bonuses for NX? (I'm thinking of the majority of currently popular server software like apache (preforked) and PostgreSQL...)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9bbcef730808231741o5e765f3bh546475b28fe51f9b>