Protection against injected code.

Discussion in 'OS protection: antiviruses, firewalls, antispyware' started by EP025, 15 Mar 2016.

  1. EP025

    EP025 New Member

    Hi everyone! Guys, does anyone know how to remove the NX bit/XD bit? (the processor's built-in protection that prevents data from being executed as code)
    I never found any advice on disabling it, only a pile of definitions and descriptions.
    I read that it can be disabled through the BIOS, but there are no device settings in the BIOS.
    Maybe there are some programs for changing the settings?
    ________________
    OS: Linux Ubuntu 14.04 x86
    CPU: Intel Atom CPU N570 @1.66 GHz
     
  2. DooD

    DooD Elder

    - make sure you have a CPU that has the NX feature. Such CPUs are:
    all 64-bit variants of AMD (Athlon64, Opteron), future CPUs of
    Intel, Transmeta and VIA. (NOTE: 64-bit x86_64 kernels already
    make use of the 64-bit variant of the NX feature - this patch
    is only meant for 32-bit x86 kernels and distributions.)

    - double-check that your distribution supports the PT_GNU_STACK feature.
    This is a method to mark application stacks as executable or
    non-executable. A fair portion of overflow bugs are on the stack so you
    really want non-exec stacks. The NX feature will still work if you apply
    the patch but its effect will be limited. Distributions that have the
    PT_GNU_STACK feature are [surprise :)] Fedora Core 1 and 2, RHEL3, SuSE
    Linux 9.1, Mandrake Linux 10 and the development branch of Debian.

    The following oneliner helps to determine whether PT_GNU_STACK is utilized
    by your distribution:

    readelf -l /bin/cat | grep STACK

    if it displays a line like:

    STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4

    then your distribution makes use of PT_GNU_STACK and properly marks
    executables.

    if there's no line displayed or the line says 'RWE' instead of 'RW'
    then the applications are not marked properly.

    - download the patch:

    http://redhat.com/~mingo/nx-patches/nx-2.6.7-rc2-bk2-AE

    - apply the patch to your 2.6.7-rc2-bk2 kernel:

    patch -p1 < nx-2.6.7-rc2-bk2-AE

    - enable CONFIG_HIGHMEM64G in the .config.

    - recompile the kernel and install it - reboot into the new kernel. No
    additional configuration is needed.

    - upon bootup, if your CPU supports NX, you should see this boot message:

    NX (Execute Disable) protection: active

    - your applications are covered by NX protection from this point on.
    If an application defines a noexec stack then the kernel will enforce
    this executability, and all attempts to execute on the stack will be
    prevented by the hardware. Furthermore, the kernel will deny execution
    of its data structures as well, protecting against certain types of
    kernel-space exploits.

    - [ if you want to turn NX off then you can pass the noexec=off boot
    option to the kernel. ]
     
    EP025 likes this.