Date: Tue, 26 Aug 2008 09:28:07 -0700 From: Alfred Perlstein <alfred@freebsd.org> To: Andrew Reilly <andrew-freebsd@areilly.bpc-users.org> Cc: freebsd-arch@freebsd.org, Ivan Voras <ivoras@freebsd.org>, Matthew Macy <mat.macy@gmail.com> Subject: Re: FreeBSD and DEP aka "NX bit"? Message-ID: <20080826162807.GF16977@elvis.mu.org> In-Reply-To: <20080826074943.GB85357@duncan.reilly.home> References: <g8q8i5$s9g$2@ger.gmane.org> <3c1674c90808231713x47e42de5oa9fc2f2f244d2e74@mail.gmail.com> <20080826074943.GB85357@duncan.reilly.home>
next in thread | previous in thread | raw e-mail | index | archive | help
* Andrew Reilly <andrew-freebsd@areilly.bpc-users.org> [080826 00:51] wrote: > On Sat, Aug 23, 2008 at 05:13:30PM -0700, Matthew Macy wrote: > > On Sat, Aug 23, 2008 at 5:04 PM, Ivan Voras <ivoras@freebsd.org> wrote: > > > I stumbled upon this Wikipedia page: > > > http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Security_features > > > and it mentions NX bit is supported in FreeBSD. Is this true? Is it > > > enabled by default? > > > > Yes. However, it is in the upper word so it only works with PAE or > > amd64. "jemalloc" maps the heap NX and thread stacks are mapped NX. > > The default process stack currently needs to be executable because > > sigcode is placed at the start of the stack at the time of process > > creation. > > Oh, I was looking into this a few months ago, and came to the > conclusion that NX wasn't turned on at all. > > How do applications/languages that use JIT or other run-time > code generation get around the non-executable heap? Just not > use jemalloc? > > I've been using 7-STABLE on amd64 for a long time, and haven't > noticed any problems with Java or SBCL lisp or PLT-scheme, all > of which use JIT code generation (but probably neither use > jemalloc?) mprotect(2)? -- - Alfred Perlstein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080826162807.GF16977>