Comments on: Linux gets trial 'NX' security support

Intel and Red Hat released prototype software to let Linux support the "no execute" security technology--and Linus Torvalds has endorsed it as a high priority even if it ruffles some feathers.

[ttul]

OpenBSD already does this

FYI, Linux is not the first to make use of the NX bit. OpenBSD has supported hardware-based "no execute" since the 3.3 release (over a year ago).

It's worth noting that OpenBSD even provides a form of no-execute protection on i386 CPUs by making use of the memory management unit in a creative way.

PaX has done this since late 2000

PaX has had this on Linux since late 2000 (October 11). I can site the NX article on wikipedia for this:

http://en.wikipedia.org/wiki/NX

Also, the PaX documentation,

http://pax.grsecurity.net/docs/pageexec.old.txt

And there is a full PaX wikipedia article as well:

http://en.wikipedia.org/wiki/PaX

PaX was born October 1, 2001, and is the oldest out of PaX, ExecShield, OpenBSD's W^X, and MS Windows XP SP2. OBSD's W^X came out in 3.3 in May, 2003. I don't have a date for SP2 or ES.

Now I'm upset....

I've owned NXSecure for a long time (many years) and now some company want's to move in and take MY NAME...

What's the deal with that????

[Anonymous]

Linux has had this for a long time

This is really just joint PR for Intel...

Linux has supported NX functionality for CPUs that support it. For CPUs that don't support NX in hardware, Linux has the Exec Shield facility, which provides the same functionality in software. Effectively, even 386 CPUs have this function with Linux already.

NX moves the support to CPU hardware, saving a fractional percent in overhead (never noticed it).

So, while this is new for WinXP, it's old for Linux. The media blitz is just to let folks know that Linux will support the hardware function, when it's available on the Intel CPUs. There is NO CHANGE in the actual security or function on Linux