Slackware-13.1-Hacks-NX Bit
Posted 01-03-2011 at 12:35 AM by arniekat
The NX bit, which stands for No eXecute, is used in processors to mark areas of memory as holding either processor instructions or data. It is used for security reasons: it prevents certain types of malicious software from taking over a computer by inserting code into another program's data storage area and running it from within that area (as in a buffer overflow attack).
Intel calls the feature the XD bit, for eXecute Disable. AMD uses the name Enhanced Virus Protection. The ARM architecture refers to it as XN, for eXecute Never.
The 3 things required to have NX functioning:
1. A CPU that supports NX. You can look up the CPU model on the vendor's website and look for Execute Disable Bit (Intel), Enhanced Virus Protection (AMD) or Execute Never (ARM). If your CPU supports PAE, NX should also work. Look for "pae" in the flags section when you run:
$ cat /proc/cpuinfo
2. 32-Bit Kernel with Physical Address Extensions (PAE) OR a 64-Bit Kernel. The stock Slackware 13.1 32-Bit Kernel will require a recompile with the following enabled in the kernel configuration file:
* Processor type and features > High Memory Support > 64GB [X]
3. Your BIOS needs to be set correctly. Here is an example BIOS configuration for an MSI Motherboard with an Intel Pentium Dual-Core Processor that is 64-Bit capable.
To enable NX in the BIOS, hit the "Delete" key when you reboot to enter the BIOS.
CMOS Setup Utility
Select "Advanced BIOS Features"
Select "CPU Features"
Change Execute Bit Support from "Disabled" to "Enabled"
BIOS note: when disabled, this setting forces the XD feature flag to always return 0
Press F10 to Save and Exit the BIOS Settings
Press Esc to Exit BIOS without Saving
If your BIOS is set correctly, the CPU has NX-bit capabilities, and you are running a 32-Bit Kernel with Physical Address Extensions (PAE) OR a 64-Bit Kernel, then you will see "nx" listed as a feature of the processor in the flags when you run:
$ cat /proc/cpuinfo
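The two flag checks described above can be combined into one script that reports which requirement is still missing. This is an added example, not part of the original post; the names `has_flag` and `nx_status` and the sample cpuinfo text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify NX state from /proc/cpuinfo-style text on stdin.
# has_flag, nx_status and the sample_* data are illustrative names.

# has_flag "<flag list>" <name>: whole-word match, so "nx" is never
# satisfied by a longer flag name that merely contains those letters.
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# Prints one of: nx, pae-only, no-pae, unknown
nx_status() {
    # Flags of the first logical CPU; the field is "flags<tabs>: a b c".
    flags=$(sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1)
    if [ -z "$flags" ]; then
        echo unknown      # no x86-style flags line in the input
    elif has_flag "$flags" nx; then
        echo nx           # per the post: CPU, kernel and BIOS are all set
    elif has_flag "$flags" pae; then
        echo pae-only     # check the BIOS setting and the kernel (PAE or 64-bit)
    else
        echo no-pae       # CPU reports neither pae nor nx
    fi
}

# Constructed sample input (not captured from a real machine).
sample_nx()       { printf 'processor\t: 0\nflags\t\t: fpu vme pse tsc msr pae mce cx8 sse sse2 nx lm\n'; }
sample_pae_only() { printf 'processor\t: 0\nflags\t\t: fpu vme pse tsc msr pae mce cx8 sse sse2 lm\n'; }
sample_no_pae()   { printf 'processor\t: 0\nflags\t\t: fpu vme pse tsc msr mce cx8 mmx\n'; }

printf 'sample with nx:    %s\n' "$(sample_nx | nx_status)"
printf 'sample without nx: %s\n' "$(sample_pae_only | nx_status)"
if [ -r /proc/cpuinfo ]; then
    printf 'this host:         %s\n' "$(nx_status < /proc/cpuinfo)"
fi
```

A result of `pae-only` points at requirement 2 or 3: either the running kernel is a non-PAE 32-bit build or Execute Bit Support is still disabled in the BIOS.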