Thread: NX (no execute) to be added

  1. #1

    NX (no execute) to be added

    This caught my eye in the news this morning and I didn't see anyone else who posted about it. So I thought I would mention it to those who haven't heard about it yet.

    Red Hat developer Ingo Molnar submitted a patch to Linus Torvalds on June 2 that makes available the NX (no execute) technology for x86 systems. NX was developed by Advanced Micro Devices (AMD) for its AMD64 hardware. Intel, Transmeta Corp. and VIA Technologies Inc. also announced support for NX, which adds a no-execute bit to a CPU's memory area.
    Link

    I'm curious if anyone else has further information on this. I've googled it and have only found descriptions of what they are going to do. What is this going to break in *nix and/or Windows because of this addition?
    "I have not failed. I've just found 10,000 ways that won't work." - Albert Einstein

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Nothing. It's an available flag, it doesn't need to be used. It will require compiler support in addition to kernel support to make use of it. This means on Windows systems, it will be a while before you see it (Longhorn potentially). Either way, software written with this in mind will take some time to make it to mainstream, closed or open source.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    It won't need compiler support in order to work - (Linux) compilers already mark areas which are not going to contain code as non-executable pages. Some Linux kernels already prevent non-executable areas of memory being executed (According to one item I saw, Fedora Core 1 or 2 may do this already, on existing i386+ chips, NOT requiring AMD64 in order to work).

    Also, Linux on some non-Intel architectures may support similar functionality already.

    There is some really occasionally used gcc feature called "trampolines" (I've no idea what it's used for) which apparently NX breaks, but all other non-executable stack technologies also break it - apparently they have a fix anyway in new gcc (which marks the area executable or something). There are a tiny number of programs which use this feature, and FC1 have apparently either fixed them, or added a flag to the executable which tells the loader to disable this memory protection feature for those programs.

    *unfortunately* there are ways of getting around non-executable stacks which buffer overflows can still be exploited by - it's more difficult than executing code in the stack, but still quite possible - this is a "return-into-libc" attack. As far as I'm able to tell, NX does not protect against these.

    Slarty

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    As an architecture-specific feature it does need compiler support to make use of it. Simply because there is similar stuff being done already in software doesn't mean that a compiler won't need added support for the specific function. It's a feature of the architecture (specific processors actually, but more than one company is implementing it), much like SSE. It may not require a lot of work to include support, but it will need something done to support it "on processor" if you will.
    There is also more to the compiler world than GCC, as Intel and Microsoft both make compilers that will need to have this support added.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    There are no new instructions, like SSE, so the compiler doesn't need to explicitly support it.

    Having said that, it only provides a non-executable stack on binaries built with newer versions of gcc (gcc makes the stack no-execute only if programs don't need it) - according to this page, it is out of the box on some newer distros:

    http://people.redhat.com/mingo/nx-pa...ckStart-NX.txt

    As far as I can tell, all binaries automatically get heap overflow protection.

    Slarty
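
An added example, not part of the thread or of the kernel patch: post #5 says the non-executable stack applies only to binaries gcc has marked, and post #3 mentions a flag in the executable that tells the loader to turn the protection off. The Python sketch below reads that marking so binaries can be audited; the header name `PT_GNU_STACK` is taken from current toolchains rather than from the thread, and `sample_elf32` builds a constructed test image.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack marking (assumed name, not from the thread)
PF_X = 0x1                 # "execute" permission bit in p_flags


def stack_marking(elf: bytes) -> str:
    """Return 'nx', 'exec' or 'unmarked' for the stack marking of an ELF image."""
    if elf[:4] != b"\x7fELF" or len(elf) < 16:
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(elf[4])      # EI_CLASS
    endian = {1: "<", 2: ">"}.get(elf[5])       # EI_DATA
    if is64 is None or endian is None or len(elf) < (64 if is64 else 52):
        raise ValueError("malformed ELF header")
    if is64:
        (e_phoff,) = struct.unpack_from(endian + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(endian + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + (56 if is64 else 32) > len(elf):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(endian + "I", elf, off)
        if p_type != PT_GNU_STACK:
            continue
        # p_flags is the 2nd field of Elf64_Phdr but the 7th of Elf32_Phdr.
        (p_flags,) = struct.unpack_from(endian + "I", elf, off + (4 if is64 else 24))
        return "exec" if p_flags & PF_X else "nx"
    return "unmarked"  # toolchain emitted no marking at all


def sample_elf32(p_type: int, p_flags: int) -> bytes:
    """Constructed sample: little-endian ELF32 header followed by one program header."""
    ehdr = struct.pack("<4sBB10xHHIIIIIHHHHHH", b"\x7fELF", 1, 1,
                       2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", p_type, 0, 0, 0, 0, 0, p_flags, 16)
    return ehdr + phdr


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, stack_marking(fh.read()))
```

Run over a directory of binaries, anything reported as `exec` or `unmarked` is a candidate for rebuilding or closer review.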
