Red Hat Introduces NX Software Support For Linux

timothy posted more than 10 years ago | from the founder-and-leader dept.

Security 188

abertoll writes "In this story at ZDnet, Red Hat has apparently added NX support to Linux. NX security technology is a hardware attempt at stopping malicious code." (We recently posted about Transmeta's announcement that its chips will incorporate the NX bit as well.)

188 comments

Cool (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348120)

That's pretty neat.
this is my f1rst p0st on slashdot

Sad news ... Ronald Reagan, dead at 93 (-1, Offtopic)

Three Headed Man (765841) | more than 10 years ago | (#9348429)

I just heard some sad news on talk radio - President/Actor Ronald Reagan died in his home this morning. There weren't many more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his presidency, there's no denying his contributions to popular culture. Truly an American icon.

Difference between NX and protected mode bits? (3, Interesting)

PiGuy (531424) | more than 10 years ago | (#9348122)

What I fail to understand is the difference between this 'no execute' bit and the 'executable' bit in standard 386 protected mode. Does the 'executable' bit not cause an exception if the PC proceeds to pages without it set? Even then, protected mode also has a 'read-only' bit - isn't this set for code pages? And if not, why not?

Per-segment vs. per-page (5, Informative)

tepples (727027) | more than 10 years ago | (#9348141)

Standard 386 protected mode controls per segment, where CS (code segment) is executable and DS (data segment) is writable. However, many 32-bit operating systems use a so-called "tiny" memory model, setting CS = DS, and the 386 allows for turning off read and write privileges per page but not execute privileges (if you can read a page in an executable segment, you can execute from it).

However, true W^X (shorthand for "no segment is both writable and executable") support won't work for applications that depend on self-modifying code, such as JIT-compiling virtual machines for Java and .NET platforms.

Re:Per-segment vs. per-page (5, Interesting)

forkazoo (138186) | more than 10 years ago | (#9348310)

> However, true W^X (shorthand for "no segment is both writable and executable") support won't work for applications that depend on self-modifying code, such as JIT-compiling virtual machines for Java and .NET platforms.

data char* temp = new data char[len];
executable char* code = new executable char[len];
int function() = code;

compile(javasrc, temp);
copy(temp, code);
function();

From what I've heard, allocations will default to non-executable, but there will be some sort of API that allows executable space to be allocated on every OS that deals with NX bits. You will probably also see WinXP and the like with the ability to "Run this program in compatibility mode..." until the developer updates to deal with the tweaks made in the updates.

Re:Per-segment vs. per-page (3, Interesting)

tepples (727027) | more than 10 years ago | (#9348354)

> compile(javasrc, temp);
> copy(temp, code);
> function();

And watch as NX::copy() has a huge overhead from going into kernel space and back.

Re:Difference between NX and protected mode bits? (1, Informative)

Isomer (48061) | more than 10 years ago | (#9348149)

the i386 has no hardware support for an "execute" bit. It just has a read bit and a write bit. If you have read access to a page then you can execute that code. The "NX" bit is the implementation of the "execute" bit, except when it's /set/ it prevents execution as opposed to the expected reverse, which is why it's called "NX" not "X" :)

Re:Difference between NX and protected mode bits? (4, Informative)

AKAImBatman (238306) | more than 10 years ago | (#9348335)

People, do yourselves a favor and read the Intel specs. Please? There is in fact, a bit for defining code segments. These code segments can be marked as read only or execute only. The problem (as I managed to wrangle out of people the LAST time this thing was posted) is that a data block can also be executed without exception. The NX flag merely prevents data blocks from ever executing code.

Re:Difference between NX and protected mode bits? (0)

Anonymous Coward | more than 10 years ago | (#9348196)

There's absolutely no thing as the execute bit in 386. It's a feature lacking that most other VM-enabled CPUS have by default.

The 386 architecture has one bit for access: a 0 (read and execute) or 1 (read/write/execute). It is then that read implies execute, and write implies read.

Re:Difference between NX and protected mode bits? (2, Informative)

tepples (727027) | more than 10 years ago | (#9348221)

> There's absolutely no thing as the execute bit in 386

There is, but it works on segments and not pages. Unfortunately, some i386 operating systems' ABIs are defined such that CS = DS.

> The 386 architecture has one bit for access:

Your one-bit write protection applies to pages.

Re:Difference between NX and protected mode bits? (2, Informative)

the_greywolf (311406) | more than 10 years ago | (#9348211)

the bits you're referring to are the execute permission for segment descriptors.

the NX bit operates at page level - within segments. it is bit 63 of the Page-Translation-Table entry, and is only available in PAE mode. it is enabled by the NXE bit of the EFER ("Extended Feature Enable Register"). and it applies to all execution rings.

Re:Difference between NX and protected mode bits? (1, Interesting)

dealsites (746817) | more than 10 years ago | (#9348321)

This is just an attempt by the hardware developers to patch problems made by the software developers. Ultimately in the end, we will lose performance because they are adding overhead to general processing. The software developers (or companies) should be held responsible. It's no different than trying to patch a patch a patch, etc...

This is why linux is so efficient; bugs are corrected in the kernel and recompiled for the new releases. It's a much better solution than adding code bloat or processor overhead to solve these types of issues.

--
Smack your momma good deals!: http://www.dealsites.net/livedeals.html [dealsites.net]

Re:Difference between NX and protected mode bits? (2, Informative)

AdamInParadise (257888) | more than 10 years ago | (#9348433)

I beg to differ.

All modern architectures implement all 3 different protection bits (read, write, execute). It should have been implemented a long, long time ago, and you definitely cannot emulate it perfectly in software.
I don't know why it wasn't implemented from the beginning or at least when the 386 was released, but it was sorely missed by everyone working on improving the security of an OS. I guess Intel didn't think that this architecture would survive in the 21st century.

So adding the NX is a long overdue fix which should really improve the security of PCs, if it is used correctly by the OS.

Regards,
David

Re:Difference between NX and protected mode bits? (2, Informative)

astroboscope (543876) | more than 10 years ago | (#9348584)

> Ultimately in the end, we will lose performance because they are adding overhead to general processing.

Point taken, but if NX cuts down on the worm/virus/virus notice email we get because of infected Windoze systems, it'll be a performance boost for us UNIX users.

what about SEX (-1, Offtopic)

anandpur (303114) | more than 10 years ago | (#9348124)

what about SEX support

Re:what about SEX (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348143)

Sorry dude, this is Slashdot.

Re:what about SEX (1)

caston (711568) | more than 10 years ago | (#9348144)

You'll just have to wait until you're older son.

And after that it's the CHILD support you should be worrying about.

NX Virus....yay (3, Funny)

celeritas_2 (750289) | more than 10 years ago | (#9348125)

I personally can't wait until some great evil makes a virus harnessing NX to say.....block the execution of MSIE .....widespread luser panic is always fun

Re:NX Virus....yay (0, Funny)

Anonymous Coward | more than 10 years ago | (#9348167)

LOL block IE because it's DANGEROUS LOL LUSERS LOL BILLGATES M$.

You're fucking pathetic. Throw yourself off of a goddamn bridge.

Re:NX Virus....yay (0)

Anonymous Coward | more than 10 years ago | (#9348318)

Not exactly about to happen because it isn't practical to implement. Sorry to burst your anti-M$ bubble.

Re:NX Virus....yay (0)

Anonymous Coward | more than 10 years ago | (#9348393)

Uh... NX doesn't really work that way dumb ass. Besides, doing so is quite trivial without NX anyway. It's called ntfs ACL's. That stands for Access Control List incase you're retarded (which you probably are).

diff? (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9348128)

The diff is probably 2 lines- who cares?

Re:diff? (4, Insightful)

sploo22 (748838) | more than 10 years ago | (#9348151)

Did you even look at it?
$ wc -l nx-2.6.7-rc2-bk2-AE
518 nx-2.6.7-rc2-bk2-AE
It's smaller than most, but still not exactly trivial.

The NX Bit... (4, Funny)

zoloto (586738) | more than 10 years ago | (#9348130)

And I always wanted processor support for the Evil Bit. Dang.

Re:The NX Bit... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9348155)

What a fine bit of Slashdot humour. Get AIDS and die, queer.

Re:The NX Bit... (1, Funny)

Anonymous Coward | more than 10 years ago | (#9348327)

AIDS=Apple Infected Disk Syndrome

Read the Jargon File lately?

Cool! (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9348131)

Red Hat's doing something right!

This proves that Red Hat Linux is the best (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9348133)

Subject says it all.

Re:This proves that Red Hat Linux is the best (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348140)

Haha, nice trolling attempt. Nothing brings out the zealots faster than a distro war.

Remember kids... (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9348134)

... NX support is not an excuse to write potentially unsafe code.

FRIST REAGAN SUX POST (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9348136)

Reagan was a fascist pig who waged class warfare against workers more ruthlessly than anyone until George Dubya.

Re:FRIST REAGAN SUX POST (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9348148)

Go fuck yourself you stupid socialist sack of shit.

Re:FRIST REAGAN SUX POST (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9348152)

you're just pissed 'cause reagan did your mom!

Re:FRIST REAGAN SUX POST (-1, Offtopic)

sploo22 (748838) | more than 10 years ago | (#9348161)

The man just died today, can't you even show an ounce of respect? I understand you're desperate for things to troll about, but that was just sickening for you to go after Reagan like that.

I know this is OT but I just couldn't stand to read this without saying something.

Re:FRIST REAGAN SUX POST (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9348190)

Reagan is sickening.

Glad to see that piece of shit take a dirt nap.

Do you know how many people have died because of that scumbag?

Where did the Taliban come from? How many people in Latin America were slaughtered by his death squads? How much tax money was wasted on bloated weapons programs essentially redistributing the wealth of tax payers into the pockets of the families that control the arms industry?

Death, destruction and government waste are all he contributed.

I can understand if a Hitler-youth like yourself finds that inspiring but I find it disgusting.

Re:FRIST REAGAN SUX POST (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9348212)

One less Republican.

I'd rather see them convert than croak through.

Re:FRIST REAGAN SUX POST (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9348272)

Oh ya and don't forget when Saddam was "Gassing his own people" that was during the same time that Reagan was supporting him with money, intelligence, "dual use technology", i.e. chemical weapons ingredients, etc. He even sent Donald Rumsfeld over to hang out with him and help him out with anything he needed. That was all Reagan buddy. Really something to be proud of. Hahaha...

Re:FRIST REAGAN SUX POST (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9348421)

Don't be such a spineless PC asshole. The man was a cunt, and being dead hasn't improved him. It merely gives us all an opportunity to remember exactly why we hated the cunt, and why he deserved a horrible lingering death.

Mod this crap down a man died. (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348511)

yeah. i soul died, mod down in the name of Karma.

Darn. (1, Offtopic)

sploo22 (748838) | more than 10 years ago | (#9348138)

I noticed Slashdot was down for a few minutes just prior to posting this. I'll assume they were upgrading their servers.

So does this mean I'm out of luck with all those shellcodes I keep posting in my comments?

Re:Darn. (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9348171)

And furthermore, I'd like to know how this was offtopic. Does anybody on /. read anymore?

Re:Darn. (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9348195)

You want to explain how it was on topic?

Re:Darn. (1, Interesting)

sploo22 (748838) | more than 10 years ago | (#9348234)

Yes, I do. It was a JOKE. You really want me to spell it out for you? I was implying that I'd been hacking Slashdot regularly but now the new NX protection was stopping me. Happy?

Use this link to avoid the 503 server unavailable (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9348231)

Impotent Stuff: Please try to avoid looking like a complete buffoon and ignoramus to the entire country you jackass. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account. [www.goat.cx]

Impotent Stuff: Please try to keep campaign on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Impotent Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

no execute support new? Nonsense ! (5, Funny)

Timber_Z (777048) | more than 10 years ago | (#9348139)

Windows has supported that for years.

Why just yesterday it stopped executing for no particular reason.

Re:no execute support new? Nonsense ! (1)

boarder8925 (714555) | more than 10 years ago | (#9348225)

> Why just yesterday it stopped executing for no particular reason.
--second ago it stopped exe--

Re:no execute support new? Nonsense ! (1)

Alien Being (18488) | more than 10 years ago | (#9348235)

"no particular reason"

Hmm, last time I used MSWindows, it said "General protection fault" and now it just says "no particular reason".

Congrats Bill, you truly are an industry something-or-other.

Re:no execute support new? Nonsense ! (1)

0racle (667029) | more than 10 years ago | (#9348333)

On a far more serious note, XP SP2 adds this same functionality, except it's only supported on the newest processors from AMD, the Athlon64 and Opterons. So does this, and the support for it that OpenBSD added to the i386 port, have the same limitation?

Re:no execute support new? Nonsense ! (2, Informative)

tepples (727027) | more than 10 years ago | (#9348412)

From what I've read, NX support on older i386 CPUs either 1) puts all of a process's code below the code segment limit (1 GB) and all data above that, with an unmapped gap in between [neohapsis.com] , or 2) hooks into the translation lookaside buffer (the cache for virtual memory page table lookups) at a speed cost.

Re:no execute support new? Nonsense ! (1)

0racle (667029) | more than 10 years ago | (#9348533)

So what processors does this and OpenBSD enable NX on? Seriously, I'm having problems finding a straight answer. I didn't notice a performance decrease from OBSD 3.3 to 3.4 but my system isn't really doing much.

Thanks Red Hat (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#9348146)

Thank you once again for all of your contributions to the Linux community and market. Your actions mark you as a true leader.

There you go (4, Insightful)

Anonymous Coward | more than 10 years ago | (#9348157)

... all those fellow /.'ers who cried out loud "we don't want no DRM" when they first read the titles of the stories about NX support in upcoming procs, without even bothering to understand WTH NX is for, and kept and kept writing idiotic comments about how evil Windows must be because it now supports NX (which they seriously thought was some form of ah-so-evil DRM feature)

See, NX is a good thing, now even Linux has support for it :) I am happy that you will now have an opportunity to open your minds to this fine new technology.

Cheers.

One step at a time (1, Interesting)

SoSueMe (263478) | more than 10 years ago | (#9348520)

This, to me, seems like just one more slow, inexorable step towards "Trusted Computing".

Re:There you go (0, Offtopic)

Jeff DeMaagd (2015) | more than 10 years ago | (#9348565)

Well, hey, now maybe we can hope for some other distribution to include this, hopefully one that doesn't suddenly yank their maintenance support out from under you only sixteen months after introducing a product?

Re:There you go (0)

Anonymous Coward | more than 10 years ago | (#9348572)

> this fine new technology.
WTF are you talking about? Many non-intel procs support something like this for ages...

Re:There you go (1)

dont_think_twice (731805) | more than 10 years ago | (#9348604)

> I am happy that you will now have an opportunity to open your minds to this fine new technology.

Yea, right, open my mind. Haven't you ever heard of cognitive dissonance? It means I can hold two contradictory thoughts in my head and not be bothered. So Microsoft is evil for including NX, and linux is awesome for including NX. What do you have to say to that?

Selling out (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348158)

OT, but anyone notice the Windows advert above this story with some 'statistics' showing Windows has a lower TCO? These are the same statistics that /. ridiculed not so long ago. Talk about two-faced.

And for an even more disgusting example, go to http://www.vasoftware.com/ - where they're actively promoting outsourcing all your jobs away.

Utter bastards.

Re:Selling out (0, Offtopic)

The MESMERIC (766636) | more than 10 years ago | (#9348331)

Cool!
I always been pondering on a sig - now I've found one!
testing 1 2 3 ...

503 Error (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348160)

503 Error The webserver and/or database is losing.

Just don't add "Halt and Catch Fire" Instruction (4, Funny)

xmas2003 (739875) | more than 10 years ago | (#9348163)

I just hope that with all the overclockers out there, they don't add support for the Halt and Catch Fire Instruction [ic.ac.uk] ;-)

Seriously, the NX stuff is a "good" thing to add to slow down malicious code - the only thing better would be a HULK Instruction [komar.org] which would SMASH Puny Human malicious code ... ;-)

A cross between... (5, Insightful)

3) profit!!! (773340) | more than 10 years ago | (#9348185)

This "NX" stuff to separate data and instructions is sort of like crossing current CPUs' Von Neumann architecture [wikipedia.org] with a Harvard architecture [wikipedia.org] type of chip, where the storage is actually separate from the executable code.

Fine No Execute (4, Insightful)

oldstrat (87076) | more than 10 years ago | (#9348186)

This is all well and good, but is certainly not a panacea.
No execute means that somewhere, somehow there will be an override and the day the override is used the viruses will follow by tricking (and explaining how) to the user why this is needed and bingo, it's in.

And of course I could be completely wrong in that this no execute bit does not exist on older processors and that in itself is going to cause problems. Intel has xbit on newer processors, but what about AMD, VIA, whoever else? Is this part of the Intel half of the WinTel duopoly?

I think it's probably a good idea, but I'm suspicious.

Re:Fine No Execute (1)

Cyph (240321) | more than 10 years ago | (#9348226)

AMD has No Execute on Athlon 64 processors, so it's certainly not an Intel specific thing. As the Slashdot blurb mentions, Transmeta recently added it as well. But no, older processors do not have No Execute on it.

Re:Fine No Execute (5, Interesting)

explorer (42481) | more than 10 years ago | (#9348305)

Right, all AMD K8-class processors have the NX-bit already. And despite the Intel-centric spin on the ZDNet article, the fact is that Intel has only announced that support for it is coming in future Intel parts. Unlike AMD, it doesn't appear you can buy any CPUs from Intel that support the NX bit today.

In other words, Intel is playing catch-up.

And note the comment in Ingo's linux-kernel posting that refers to the "existing NX support in the 64-bit x86_64 kernels ... written by Andi Kleen". I.e. NX-bit support was already available to AMD64 owners running 64-bit linux kernels.

Re:Fine No Execute (0)

Anonymous Coward | more than 10 years ago | (#9348244)

I don't think viruses tricking users is that big of a problem, because there's a lot more dangerous things that viruses could ask users to do.

And if you read the article, it's on AMD and Transmeta too.

Re:Fine No Execute (4, Informative)

asifyoucare (302582) | more than 10 years ago | (#9348260)

Indeed NX is not a panacea. It will prevent the easiest method of buffer overflow attack, but other attacks are still possible.

Linus illustrated one such attack in this [lwn.net] reply to Alan Cox regarding the possible implementation of a non-executable stack in Linux.

Re:Fine No Execute (0)

Anonymous Coward | more than 10 years ago | (#9348302)

Non-executable stack isn't the same as W^X. Check openbsd.org for a decent explanation, they have had non-executable stack and heap, plus W^X, pro-police and a few other tricks to make exploits harder as standard features for ~1 year now.

Re:Fine No Execute (4, Informative)

0racle (667029) | more than 10 years ago | (#9348434)

NX is not a new thing, and neither Intel nor AMD did it first. SPARC's, UltraSPARC's and Alpha's have had this for some time, and it wouldn't surprise me if it's in the Power chips as well.

As far as it not being on older processors, I assume you mean older ia32's, and surprisingly this was brought up in a MS TechNet event I was at on Thursday. I don't know all the details, but the presenter said it was in older chips, at least back to the original Pentium if I remember, but with the way ia32 chips do paging, it was never implemented in the OS's until recently, which I can only assume the Athlon64, Opteron and Itanium do this differently, but don't quote me on that.

Personally, I'm just wondering exactly what ia32 chips will Linux and OpenBSD use NX on.

ummm (-1)

Anonymous Coward | more than 10 years ago | (#9348193)

Is this something Linux needs? I thought Windoze got all that action!

One thing Linux can be proud not to have.

Sad news ... Stephen King, dead at 93 (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9348224)

I just heard some sad news on talk radio - former American President Ronald Reagan was found dead in his Los Angeles home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.

YOU FUCKING FAILURE (1)

Luke727 (547923) | more than 10 years ago | (#9348392)

I've seen some miserable failures in my time, but you are a whole new level of failure. First of all, you wrote Stephen King in the subject line. Obviously this is just a simple copy-and-paste troll, but JESUS CHRIST how could you fuck that up? Secondly, his home is in Bel Air (though I guess that's sort of a suburb of L.A., so I'll let that slide). And finally, you are supposed to replace "even if you didn't enjoy his work, there's no denying his contributions to popular culture" with something witty, like the following:

even if you didn't enjoy his scandals, there's no denying his contributions to the downfall of western civilization

Get a fucking clue, you god damn pathetic piece of shit! Please stab yourself in the face for me. KTHXBYE!

GET SOME PRIORITIES (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348246)

Do you even WATCH the news? This is *NOT* important.

Saturday night, reading slashdot (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348265)



And I wouldn't have it any other way, baby!

JIT Compilation/Interpreters (2, Interesting)

MntlChaos (602380) | more than 10 years ago | (#9348266)

How would Just-in-time compilers and interpreters work? If I understand this correctly, you can't write data to executable areas of memory, but then how do you run instructions that are written to memory!?!? Could someone explain?

Re:JIT Compilation/Interpreters (1)

TummyX (84871) | more than 10 years ago | (#9348383)

Um. Well obviously there will be APIs to mark data regions as executable or to allocate executable data regions. The latter would be better 'cause then you could better ensure that overflows from non-executable data regions won't overflow into executable data regions.

Here you go... (3, Informative)

SoSueMe (263478) | more than 10 years ago | (#9348395)

Some legitimate programs, such as Java compilers that perform just-in-time code generation, execute instructions within data areas -- and will have to be rewritten for Service Pack 2. But the most common exploiters of x86 architecture's porous program and data boundaries are applications (called, as a matter of fact, exploits) that perform buffer overrun attacks -- one-two punches that first flood a program's input area with more data than it's designed to handle, then deliver a poisonous executable payload. ..........

Software developers will be able to selectively disable execution protection for 32-bit applications, using a DisableNX fix in SP2's compatibility toolkit, and end users will be able to switch the feature on and off for the entire system or for individual applications (like those Java compilers) via a new Control Panel dialog box, similar to those for SP2's beefed-up firewall .
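
The pattern this sub-thread and forkazoo's earlier pseudocode both describe (fill a buffer while it is writable, then mark it executable before calling it), as an added example that is not code from the thread or from any project it mentions. It assumes a POSIX system with mmap/mprotect on x86 or AArch64; the function names and the two-instruction stub standing in for JIT output are constructed for illustration. The second function shows what NX enforcement changes: a call into a page that was never marked executable does not return.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for JIT output: machine code for "return 42". */
#if defined(__x86_64__) || defined(__i386__)
static const uint8_t STUB[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 }; /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const uint32_t STUB[] = { 0x52800540u, 0xD65F03C0u };          /* mov w0,#42 ; ret */
#else
#error "stub bytes are only provided for x86 and AArch64"
#endif

typedef int (*jit_fn)(void);

static size_t page_len(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* Map one anonymous page read-write, copy the stub in, then switch the page
 * to final_prot. The page is never writable and executable at the same time.
 * Returns NULL on failure. */
static void *emit_stub(int final_prot)
{
    size_t len = page_len();
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memcpy(p, STUB, sizeof STUB);
    if (mprotect(p, len, final_prot) != 0) {
        munmap(p, len);
        return NULL;
    }
    /* Needed on AArch64 so the instruction cache sees the new bytes;
     * compiles to nothing on x86. */
    __builtin___clear_cache((char *)p, (char *)p + sizeof STUB);
    return p;
}

/* The W^X-friendly JIT path: write, flip to read+execute, call.
 * Returns the stub's result (42), or -1 if the page could not be set up. */
int jit_call_wx(void)
{
    void *p = emit_stub(PROT_READ | PROT_EXEC);
    if (p == NULL)
        return -1;
    int rc = ((jit_fn)p)();
    munmap(p, page_len());
    return rc;
}

/* Same bytes, but the page stays read-write (a plain data page). A child
 * process tries to call into it. Returns 1 if the child did not survive the
 * call (NX enforced), 0 if the code ran anyway, -1 on setup failure. */
int exec_from_data_page_is_blocked(void)
{
    void *p = emit_stub(PROT_READ | PROT_WRITE);
    if (p == NULL)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        munmap(p, page_len());
        return -1;
    }
    if (pid == 0) {
        ((jit_fn)p)();   /* instruction fetch from a non-executable page */
        _exit(0);        /* only reached when nothing stopped the call */
    }
    int status = 0;
    pid_t waited = waitpid(pid, &status, 0);
    munmap(p, page_len());
    if (waited < 0)
        return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
    printf("call after mprotect(PROT_READ|PROT_EXEC): %d\n", jit_call_wx());
    printf("call into read-write data page blocked:   %d\n",
           exec_from_data_page_is_blocked());
    return 0;
}
```

To patch code it has already emitted, a JIT following this pattern switches the page back to read-write with mprotect, rewrites it, and switches it to read+execute again.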

calling it a "technology"... (3, Informative)

dekeji (784080) | more than 10 years ago | (#9348271)

Calling it a "technology" I suppose detracts from the fact that the lack of an executable bit in x86 page tables is a deficiency. You see, this "feature" has been around since, oh, the middle of the last century, and many processors other than x86 have supported it without even considering it worth mentioning.

Mod Parent Up (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9348360)

Yes, I sincerely agree. Unfortunately this usage error of the word is now so widespread, I fear nothing can be done anymore.

Looks like only the wise understand the distinction among "tool" and "feature" and and "technique" and "technology", but the rest of the people who gather their world knowledge from buzzword driven press articles will keep thinking that Visual Basic is a "technology" as well as Java.

Actually it would be interesting to discuss how the scopes of these 3-4 concepts should be in the area of computers.

Space the Final Frontier... (2, Funny)

Quantum Jim (610382) | more than 10 years ago | (#9348279)

I'm Captain Jonathon Archer of the starship, Red Hat Enterprise, NX-01 class security. ;-)

AMD once again taking the lead. (5, Interesting)

l0ungeb0y (442022) | more than 10 years ago | (#9348284)

"AMD's Athlon 64 and Opteron processors have had NX since their debut, though the extra bit won't do anything on a Windows XP system until you obtain and install Service Pack 2. Intel is expected to add NX (or XD) to the next generation of its 90-nanometer-process Pentium 4 "Prescott" CPUs -- bundling the security enhancement with a larger 2MB Level 2 cache and perhaps a faster 1066MHz front-side bus -- in the fourth quarter of this year."

This year has truly been AMD's year to guide the microprocessor market. Remember not so far back when everything AMD did was a response to Intel? This year it's been Intel responding to AMD. I hope this trend continues as it shows that the so-called Wintel stranglehold is starting to crack and that it is possible for the competition to assume a leading role in the market. Now hopefully, IBM has something in the works for its PPC/Power lines, as they've been working closely with AMD and this processor feature is something that every networked system could use.

Re:AMD once again taking the lead. (2, Insightful)

Dachannien (617929) | more than 10 years ago | (#9348597)

At this point, it doesn't really matter, because they're all going to screw us over with Trusted Computing soon enough.

A Problem or Not? (0, Troll)

tetrahedrassface (675645) | more than 10 years ago | (#9348301)

Who defines what is malicious? Is it outright malicious activity (READ intrusion and destruction), or code that is identified and peer reviewed as malicious? I just want to know who is deciding what can go on my box and why. Will mp3's be one day named malicious because the code may or may not infringe on patents? Or is this truly a stop-gap measure to prevent getting rooted? What about patent infringements? I'm sure some quarters would say that is malicious indeed. Just a question after my beers. DB

A troll or not? (0)

Anonymous Coward | more than 10 years ago | (#9348355)

Who defines what is interesting? I just want to know who is deciding what posts are interesting and what is not. Because this poster has no fucking clue what he's talking about.

Kernel 2.6.6 included a x86_64 NX patch (5, Informative)

Anonymous Coward | more than 10 years ago | (#9348324)

This new patch is to support NX in 32-bit processors or 64-bit processors running in 32-bit mode.

The 2.6.6 kernel already included an NX patch for x86_64. Details are in the "Non-Exec stack patches" LKML thread here [seclists.org] .

why does everyone have the #934? (-1, Offtopic)

tetrahedrassface (675645) | more than 10 years ago | (#9348358)

why does everyone posting have the #934 in their id number? Conspiracy? Just look and ye shall see. :)

Re:why does everyone have the #934? (-1, Offtopic)

tetrahedrassface (675645) | more than 10 years ago | (#9348371)

btw that was a joke...

Re:why does everyone have the #934? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348562)

You see, if you tell a joke, and it's not the least bit funny, you've sort of missed the whole point.

Re:why does everyone have the #934? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348573)

note to s3lf: jokes=funneh.. tanks!!

Re:why does everyone have the #934? (1)

caston (711568) | more than 10 years ago | (#9348379)

That's their POST number dumbass!

Re:why does everyone have the #934? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348384)

bleh... joke..haha.

Re:why does everyone have the #934? (-1, Offtopic)

MikeXpop (614167) | more than 10 years ago | (#9348397)

um, that's not their ID number. That's their post number.

Re:why does everyone have the #934? (-1, Offtopic)

tetrahedrassface (675645) | more than 10 years ago | (#9348400)

good god. it was a joke. :) Give it a rest.

Please mod this up, and mod parent down! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348426)

There! :)

Re:Please mod this up, and mod parent down! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9348490)

We could always opt for some sort of sideways moderation, though it's complicated. Left-Right. Jeez the choices one must make. :)

NX, Impressive! The processor has learned well! (4, Insightful)

doublebackslash (702979) | more than 10 years ago | (#9348406)

Now it is time for you, young grasshopper, to learn as well.
translation:
Malicious code executing itself via a buffer overflow is actually one of the lesser evils in the virus world. Most users will gladly allow anything to run on their box, especially if it does something cool (time, weather, cutesy things, etc), and with everyone being root on Windows boxes, this means the program can do whatever the hell it wants and Windows won't say anything/much.
The NX bit is great, especially for servers where generally the only kind of attack is a buffer overflow. Like I said the processor has learned well, but the users must learn also.

Will performance decrease? (0)

Anonymous Coward | more than 10 years ago | (#9348407)

Due to overhead, if any!

definitely helpful but no silver bullet (3, Informative)

The_Bagman (43871) | more than 10 years ago | (#9348428)

This is basically an "execute / no-execute" bit in the page-table entries. It means the OS can mark portions of an application's virtual address space as non-executable - such as pages in the heap or the stack. It'll help against buffer-overflow attacks that put new assembly code in the stack and return into it. It won't help against buffer-overflow attacks that return into existing code (e.g., to do a system call). It won't help against worms that take advantage of meta-character expansion vulnerabilities. It won't help against scripting flaws (such as javascript, active-x, or visual-basic/outlook vulnerabilities). It won't help against weaknesses in the OS itself.

Think of this as raising the bar. Of course, the "clever" attackers will still find flaws, and still write code for the script kiddies to use to exploit them.
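The page-permission idea in the comment above can be checked from user space on Linux. The following is an added example, not part of the original thread: it parses text in `/proc/<pid>/maps` format and counts mappings that are executable while also writable or named `[heap]`/`[stack]`. The sample lines and the function name `count_exec_data` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/<pid>/maps format (not captured from a real host). */
static const char SAMPLE_NX[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/demo\n"
    "00e03000-00e24000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffc1a2b3000-7ffc1a2d4000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_EXECSTACK[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00e03000-00e24000 rwxp 00000000 00:00 0 [heap]\n"
    "7ffc1a2b3000-7ffc1a2d4000 rwxp 00000000 00:00 0 [stack]\n";

/* Count mappings that are executable and also writable or named [heap]/[stack]:
   the data regions an NX-aware OS is expected to mark non-executable.
   Returns -1 on a line that does not parse as a maps entry. */
int count_exec_data(const char *maps)
{
    int bad = 0;
    while (*maps) {
        char line[512], perms[5] = "", name[256] = "";
        unsigned long lo, hi;
        size_t len = strcspn(maps, "\n");
        if (len >= sizeof line) return -1;
        memcpy(line, maps, len);
        line[len] = '\0';
        maps += len + (maps[len] == '\n');
        if (len == 0) continue;
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %255[^\n]",
                   &lo, &hi, perms, name) < 3 || strlen(perms) != 4)
            return -1;
        int data = perms[1] == 'w' || !strcmp(name, "[heap]") || !strcmp(name, "[stack]");
        if (perms[2] == 'x' && data) bad++;
    }
    return bad;
}

int main(void)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");   /* Linux only */
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("samples: %d %d, this process: %d\n", count_exec_data(SAMPLE_NX),
           count_exec_data(SAMPLE_EXECSTACK), n ? count_exec_data(buf) : -1);
    return 0;
}
```

A result of 0 only says that no data page is executable; as the comment notes, that does not cover attacks that return into existing code.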

Intel wrote Linux wireless support? (0, Offtopic)

rimu guy (665008) | more than 10 years ago | (#9348442)

http://zdnet.com.com/2100-1104-5227102.html [com.com] :

In addition to the NX work, Intel this year released prototype wireless network support--albeit nearly a year after full-fledged support was available in Windows.

Don't they mean that Linux had new wireless network support this year? Or was Intel the wireless support contributor for Linux? Either way I think the sentence is in error. Though I'm probably just being pedantic for raising it.

---
VPS Hosting [rimuhosting.com]

Re:Intel wrote Linux wireless support? (1)

VertigoAce (257771) | more than 10 years ago | (#9348550)

From the link it is just referring to support for Intel's Centrino processors. Intel is responsible for the wireless support under Linux for the integrated wireless found in some Pentium M systems.

drm (-1, Troll)

name773 (696972) | more than 10 years ago | (#9348540)

yeah, those linux people are at it again with their drm
*sigh*