FreeBSD and DEP aka "NX bit"?

Alfred Perlstein alfred at freebsd.org
Tue Aug 26 16:28:08 UTC 2008


* Andrew Reilly <andrew-freebsd at areilly.bpc-users.org> [080826 00:51] wrote:
> On Sat, Aug 23, 2008 at 05:13:30PM -0700, Matthew Macy wrote:
> > On Sat, Aug 23, 2008 at 5:04 PM, Ivan Voras <ivoras at freebsd.org> wrote:
> > > I stumbled upon this Wikipedia page:
> > > http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Security_features
> > > and it mentions NX bit is supported in FreeBSD. Is this true? Is it
> > > enabled by default?
> > 
> > Yes. However, it is in the upper word so it only works with PAE or
> > amd64. "jemalloc" maps the heap NX and thread stacks are mapped NX.
> > The default process stack currently needs to be executable because
> > sigcode is placed at the start of the stack at the time of process
> > creation.
> 
> Oh, I was looking into this a few months ago, and came to the
> conclusion that NX wasn't turned on at all.
> 
> How do applications/languages that use JIT or other run-time
> code generation get around the non-executable heap?  Just not
> use jemalloc?
> 
> I've been using 7-STABLE on amd64 for a long time, and haven't
> noticed any problems with Java or SBCL lisp or PLT-scheme, all
> of which use JIT code generation (but probably neither use
> jemalloc?)

mprotect(2)?

-- 
- Alfred Perlstein
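
What the one-line answer above points at, as an added example that is not part of the original thread: a run-time code generator can write its output into a page mapped writable but non-executable (the same protections as an NX heap), then call mprotect(2) to make that page executable before jumping to it. The helper name `jit_run_wx` and the byte stub are constructed for illustration, and an x86-64 or AArch64 CPU is assumed.

```c
#define _DEFAULT_SOURCE   /* glibc: expose MAP_ANON under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample payload: machine code for a function that returns 42. */
#if defined(__x86_64__) || defined(__amd64__)
static const unsigned char stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,  /* mov eax, 42 */
                                      0xc3 };                        /* ret */
#elif defined(__aarch64__)
static const unsigned char stub[] = { 0x40, 0x05, 0x80, 0x52,        /* mov w0, #42 */
                                      0xc0, 0x03, 0x5f, 0xd6 };      /* ret */
#else
#define JIT_UNSUPPORTED 1   /* unknown CPU: nothing is executed */
#endif

/* Hypothetical helper: returns the stub's result, or -1 on failure or unsupported CPU. */
int jit_run_wx(void)
{
#ifdef JIT_UNSUPPORTED
    return -1;
#else
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int (*fn)(void);
    int result = -1;

    /* 1. Writable, NOT executable: an exec attempt here would fault under NX. */
    unsigned char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANON, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, stub, sizeof stub);              /* the "code generation" step */

    /* 2. Flip to read+execute; the page is never writable and executable at once. */
    if (mprotect(page, len, PROT_READ | PROT_EXEC) == 0) {
        __builtin___clear_cache((char *)page, (char *)page + sizeof stub);
        memcpy(&fn, &page, sizeof fn);            /* data pointer -> function pointer */
        result = fn();
    }
    munmap(page, len);
    return result;
#endif
}

int main(void)
{
    printf("jit_run_wx() = %d\n", jit_run_wx());
    return 0;
}
```

A system that forbids turning written pages executable makes the mprotect(2) call fail, in which case the helper returns -1 without executing anything.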

