On Mon, Oct 11, 2010 at 11:08:04PM -0500, Boyd Stephen Smith Jr. wrote: > On Monday, October 11, 2010 17:18:34 you wrote: > >On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote: > >>> What can be done to not disable page protections in the default > >>> kernel? > >> > >> Enable PAE. From what I understand, the features are not separable > >> in the i386 kernel. You either suffer under PAE and get NX, or you > >> suffer without NX and drop PAE. > > > >That's my understanding too. I was really asking about the default. > > > >Most of us would prefer the 1% performance hit over having an > >executable stack (and heap). > > Then install -bigmem, reboot and be done. > > Remember that Debian i386 targets more than beefy servers. In fact, it > probably has a larger install base on Atom-based router boards, All-in-one > PCs, and "netbooks".
And it might be non-obvious, but some CPUs (e.g. the one in my not-so-old laptop) don't support PAE, so making the default kernel use PAE would make debian unbootable on them. -- Marcin Owsiany <porri...@debian.org> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101012101045.ga3...@beczulka
