Yousuf Khan
Red Hat's latest NX patch is written with the assistance of Intel engineers:
http://www.linuxelectrons.com/article.php/20040606105136214
"The patch is based on a prototype NX patch written for 2.4 by Intel -
special thanks go to Suresh Siddha and Jun Nakajima @ Intel. The existing NX
support in the 64-bit x86_64 kernels has been written by Andi Kleen and this
patch is modeled after his code."
Also it looks like this patch is able to catch kernel code that is being
executed off of the stack:
"Furthermore, the patch also implements 'NX protection' for kernelspace
code: only the kernel code and modules are executable - so even kernel-space
overflows are harder (in some cases, impossible) to exploit. Here is how
kernel code that tries to execute off the stack is stopped ..."
Yousuf Khan