Non executable stack with Linux -- && 64bit CPU needed?
 

I was reading about non-executable stack @ netBSD.org.
I found also a kernel patch for non-executable stack @ opnewall.

I read @ netBSD.org that at some spesific architectures like AMD64 the non-executable stack is fully supported by the CPU.
In x86 arch there is a software emulation about it.How effective that is ?

So my question is :: Is it good to buy an AMD64 and what is the support for non-executable stack for Linux for both AMD64 && x86 ???

I found also a kernel patch for non-executable stack @ Openwall.
No need to buy a whole new CPU for having non-exec. Have a look at Grsecurity, especially pax.grsecurity.net for info on PAX.

And for the record, NetBSD actually imported their W^X code from OpenBSD, which does support NX natively with the need for any patches what so ever. Of course, you did ask specifically for Linux support, so you're stuck with Grsecurity or Openwall :)

Correct me if I am wrong, but does a non-excutable stack mean that stack-based buffer overflows that insert executable code are worthless? Basically, what is the purpose of a non-excutable stack?

-GSD

Your average stack based buffer overflow tries to overwrite the address the code executes at, directing it to some other point (specified by the attacker), thus running his code. Often this other code is injected onto the stack itself. So this prevents that attack. If the attacker can make the code jump to somewhere not on the stack, then this protection doesn't help. This makes it harder, though not impossible, for an attacker to do arbitrary code execution. Of course, an attacker can still crash the application by messing around with the stack or by overwriting memory far enough to cause an access violation and the corresponding segmentation fault.

I may be a little off on some of the details (read a paper about this some months back), so someone correct me if I got any of it wrong.

You'll probably find this presentation helpful. It explains what the OpenBSD team did to harden their statck. Basically, the protection is called W^X because each page is either writeable, or executable, but never both. This means you can write arbitrary data and then execute it.