Thanks, Kees.
nx is in /proc/cpuinfo as a flag, though it does not appear at all in my dmesg output. From what I can tell from the Ubuntu link you supplied, I am assuming this means that my CPU supports nx but I do not have the right type of kernel, i.e., one that uses PAE addressing, to support enforcement (or is that part Ubuntu specific). Does this sound plausible? -----Original Message----- From: Kees Cook <k...@debian.org> To: Brchk05 <brch...@aim.com> Cc: debian-security@lists.debian.org Sent: Sun, Oct 10, 2010 12:07 pm Subject: Re: non-executable stack (via PT_GNU_STACK) not being enforced Hi, On Sun, Oct 10, 2010 at 09:53:40AM -0400, Brchk05 wrote: > However, I am able to inject and execute shellcode from a stack local character buffer in both versions. Is there another system option I am unaware of that affects enforcement? Is enforcement not supported for my system version? Your CPU may not support NX enforcement. Check your dmesg output, and your cpuflags line in /proc/cpuinfo for "nx". See https://wiki.ubuntu.com/Security/Features#nx though ignore the nx-emu notes, as that's not in Debian. -Kees -- Kees Cook @debian.org
