Talk:NX bit

From Wikipedia, the free encyclopedia

The new version of NX remuddled everything I had split out into an unreadable mess, again. I prefer to have a sorted list of technologies from most recent to oldest rather than a huge lug of a paragraph that appears unorganized.

If nobody objects, in 3 days I'll reorganize it by pulling the old stuff back into the page, adding the new information to it, and adding in the new paragraph (ExecShield). Don't come in behind me and remuddle it again without giving proper justification, or I'll have to claim an edit war.

--Bluefox Phoenix Lucid 18:14, 11 Jul 2004 (UTC)

If you're going to rework the article, fine, but Wikipedia editors must act cooperatively. Claiming edit wars would not be a Good Thing to do. Dysprosia 00:50, 12 Jul 2004 (UTC)

Contents 1 in response to Bluefoxicy 2 Response 3 Data Organization 4 Take a good, hard look 5 Removed Star Trek reference 6 NX introduction 7 Any Mac OS X specific info? 8 Windows XP Professional x64 Edition 9 404

[edit] in response to Bluefoxicy

If you will notice the date on my edit (16 Jun 2004) and the date on the 2.6 forward port of PaX (25 Jun 2004) you will see that I wrote it before PaX for 2.6 came out. At the time, the grsecurity project lost some sponsorship and claimed that development would cease untill a new sponsor was located. PaX is part of grsecurity and grsecurity is dead. Since I can't find any mention of PaX being forward ported, this tells me PaX is dead.

Exec-shield was introduced to LKML and Linus Torvalds himself stated that it should be included with NX turned on by default in the Kernel. Redhat funds the developer of exec-shield and it is given Linus's blessing minus the randomization feature. This tells me exec-shield is good.

Now, Grsecurity found new sponsorship and PaX was forward ported to 2.6. Additionally, I was wrong in stating that PaX does not support hardware NX. Yes, I am admitting fault. However, "threatening" to edit what I wrote and suggesting the start of an edit war is childish. I doubt the admins will smile on this behavior. I already have someone who agrees with me so please edit it to make it NPOV. This is just my 3¢

[edit] Response

I'm not disputing that ExecShield is good; I am disputing the way you presented the information. The page is difficult to read in comparison to the previous version, and has several pieces of information discarded.

Also, I made no threats; I took the nature of the edit on this article, which reduces the amount of information and the clarity of presentation, as hostile for reasons that need not be brought to public. I only intended to make clear that if I restructure the data again, I expect to not see the changes reverted, as I will not be removing or poorly conveying information. I would be forced to bring higher administration in if these changes were reversed, because I would prefer to avoid a dispute on how the data will be presented.

Thank you, however, for handing me the keys. I apologize if any of my behavior seemed irrasional or offensive.

As for the release dates, PaX has been around for 2.6 kernels for several months. It has been in existence for several years.

My opinions for several reasons are that PaX is the better technology; however, I only aim to present all data I have immediate access to in a clear and concise way in articles (discussion on "which is better" is appropriate for talk :). I'm certain that the better technology will be seen as such.

Also, you should note that although very old and complete, and in active development, PaX is not known widespread. If you enter a Linux channel such as #mandrake, #rehdat, #linux, or others, many people will ask, "What the hell is pax," when you ask a question about it. Thus, we can't comment that one is better than the other on the basis that Linus decided to add NX to the tree.

--Bluefox Phoenix Lucid 00:53, 13 Jul 2004 (UTC)

EDIT: NX is not Exec Shield :)

[edit] Data Organization

Somehow this page has to be organized. I'm thinking that a flat data organization would look like this:

== OS Name ==
=== NX_TECH Name ===

• Hardware Supported Processors: IA-32 (x86), AMD64, X86-64
• Emulation: No | Architecture Independant | IA-32 (x86)
• Standard Distribution: No | Yes | With versions/distributions: Redhat, Debian, SuSE
• Release Date: Jan 1, 9999

To do this in paragraph form, we'd need all the data, else it'd look choppy (as it does now). I'm throwing this in the current, but eh. It's ugly; of course in this case, it's nice to have a good view at first glance.

EDIT: OK, did that. We need to list ALL the processors that Exec Shield, PaX, W^X, and SP2 support. Also, need to find out more on the standard Linux NX emulation and the supported emulation archs PaX uses. Exec Shield itself doesn't emulate NX; it uses the NX patch Molnar made for that.

[edit] Take a good, hard look

I'm not sure on the current data under Linux in this article now. It's partly from something i'm discussing with someone else, and partly stuff that was already there, none of which I can personally verify. Take a good, hard look, and fix up anything invalid.

--John Moser 22:33, 17 Jul 2004 (UTC)

[edit] Removed Star Trek reference

I removed the Star Trek reference added by User:Mulad as being entirely irrelevant. This page is "NX bit", and the NX prefix in Star Trek has nothing to do with bits. I created a redirect page from NX (Star Trek) to NCC (Star Trek). If someone wants to create an NX disambiguation page, it could reasonably have links to NX bit and NX (Star Trek). --Brouhaha 17:04, 12 Oct 2004 (UTC)

[edit] NX introduction

I think that the article should say that the purpose of the NX is basically to turn code execution exploits into denial-of-service exploits. --Myria 16:47, 30 Oct 2004 (UTC)

I don't agree with that if it is worded that generally. Not all code-execution exploits become denial-of-service exploits when NX is used. For instance, suppose you attempted to such an exploit against a telnet daemon on a typical Unix or Linux system. The specific process would segfault, but there would be no denial-of-service to any other user of the telnet service or any other service on the machine.

NX also has some uses other than protecting against malicious code exploits. It can be a very useful debugging tool, both to catch cases where the code has "gone into the weeds", and by temporarily marking pages that actually are executable as NX to detect whether execution reaches those pages. --Brouhaha 18:05, 30 Oct 2004 (UTC)

this is no't very good

[edit] Any Mac OS X specific info?

I see Windows, BSD, and Linux mentioned in the software section, but nothing about Mac OS X. Could someone please add relevant info?

[edit] Windows XP Professional x64 Edition

I've added Windows XP Professional x64 Edition to the list of Windows' standard distributions because even though it was built off of Windows 2003 SP1 it is a unique version of Windows from those already listed. --Atlanta800 23:55, 23 July 2006 (UTC)

[edit] 404

links at bottom of article to MSDN are no more valid Try for example links like http://support.microsoft.com/kb/875352 http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr.mspx