From owner-freebsd-arch@FreeBSD.ORG  Sun Aug 24 00:43:02 2008
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3BC1E1065688
	for <freebsd-arch@freebsd.org>; Sun, 24 Aug 2008 00:43:02 +0000 (UTC)
	(envelope-from mat.macy@gmail.com)
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.235])
	by mx1.freebsd.org (Postfix) with ESMTP id 17DA88FC18
	for <freebsd-arch@freebsd.org>; Sun, 24 Aug 2008 00:43:01 +0000 (UTC)
	(envelope-from mat.macy@gmail.com)
Received: by rv-out-0506.google.com with SMTP id b25so1763444rvf.43
	for <freebsd-arch@freebsd.org>; Sat, 23 Aug 2008 17:43:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to
	:subject:cc:in-reply-to:mime-version:content-type
	:content-transfer-encoding:content-disposition:references;
	bh=ew2GUGjz9Po/UesA8264SqzycVywhMCoJl05azC5eOU=;
	b=Ju+nP5EDU+9BJTHhdqZFGfx5XbqWrka4wSTu5rc8XTwJPaMYD8DAVcS+GkyEX/k4jz
	hf1lmMP8rdhLfFOuNl7qDTNIGZNTRFeCFSKMD92X/xW3cdd4VKlyVaCWqD15hBAgBue/
	7XV2YQe12QTVFCn0kGStGWHCVc8mB1oGqx8FU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version
	:content-type:content-transfer-encoding:content-disposition
	:references;
	b=g3cc0/ndB2IMExyB9CDDDqRkusdc2yNNdn5ZBsEl6MgRIn9oGW4lwDN5dx7e4oqOCk
	ArM+nQqQ4Feq99Hi8HaxO+ufUnjKr1irz3jomsijaYGYapJFkousGmNMjNZNBjguqsVf
	Vm1ct15PRyoAFI2O5Je4nU5WCpHrIFLGTEll4=
Received: by 10.140.170.12 with SMTP id s12mr1350367rve.83.1219536810357;
	Sat, 23 Aug 2008 17:13:30 -0700 (PDT)
Received: by 10.141.101.21 with HTTP; Sat, 23 Aug 2008 17:13:30 -0700 (PDT)
Message-ID: <3c1674c90808231713x47e42de5oa9fc2f2f244d2e74@mail.gmail.com>
Date: Sat, 23 Aug 2008 17:13:30 -0700
From: "Matthew Macy" <mat.macy@gmail.com>
To: "Ivan Voras" <ivoras@freebsd.org>
In-Reply-To: <g8q8i5$s9g$2@ger.gmane.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <g8q8i5$s9g$2@ger.gmane.org>
Cc: freebsd-arch@freebsd.org
Subject: Re: FreeBSD and DEP aka "NX bit"?
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Aug 2008 00:43:02 -0000

On Sat, Aug 23, 2008 at 5:04 PM, Ivan Voras <ivoras@freebsd.org> wrote:
> I stumbled upon this Wikipedia page:
> http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Security_features
> and it mentions NX bit is supported in FreeBSD. Is this true? Is it
> enabled by default?

Yes. However, it is in the upper word so it only works with PAE or
amd64. "jemalloc" maps the heap NX and thread stacks are mapped NX.
The default process stack currently needs to be executable because
sigcode is placed at the start of the stack at the time of process
creation.

-Kip