NX protection? What is this? Topic is solved

[dedanna1029]

I have a message in dmesg that I have no clue what it is... if anyone knows, I'd appreciate feedback. It's at the beginning of dmesg:

Code: Select all

:) dmesg
Initializing cgroup subsys cpuset
Initializing cgroup subsys cpu
Linux version 2.6.35-ARCH (tobias@T-POWA-LX) (gcc version 4.5.1 (GCC) ) #1 SMP PREEMPT Sat Oct 30 19:57:05 UTC 2010
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
 BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
 BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 000000003ff40000 (usable)
 BIOS-e820: 000000003ff40000 - 000000003ff50000 (ACPI data)
 BIOS-e820: 000000003ff50000 - 0000000040000000 (ACPI NVS)
------->Notice: NX (Execute Disable) protection missing in CPU or disabled in BIOS!

What the heck is NX?

Thanks.

[dedanna1029]

Seems it's a security feature?

I'm not familiar with the ins and outs - is this really all that important to have on 32-bit? Please say no, because I really don't want to install the server version of the kernel.

Thanks.

[viking60]

http://en.wikipedia.org/wiki/NX_technology

NX compresses the X11 data to minimize the amount of data transmitted. NX takes full advantage of modern hardware by caching all manner of data to make the session as responsive as possible. For example the first time a menu is opened it may take a few seconds, but on each subsequent opening the menu will appear almost instantly

[dedanna1029]

Thanks!

[blogger3303]

(This response mostly applies to Oracle Linux 6.5)
NX protection protects against Stack Buffer Overflow attacks.
It limits the ability of processors to have simultaneous write and execute access to memory.
You don't need it if you're not loading the enterprise kernel, or just playing around.

NX protection is found in the Oracle Linux kernel, often called "Unbreakable Enterprise Kernel".
It's also called Data Execution Prevention (DEP), to prevent buffer stacks from taking down your machine.
The technology is also found in RedHat Enterprise Linux,under a different syntax.

Determine what version you're using:
# uname -r | grep uek

If no value is returned, it's running RedHat.



############## For Oracle Linux ###################

Verify that Data Execution Prevention (DEP) feature is enabled:
# dmesg | grep NX.*protection
Should get something like "NX (Execute Disable) protection: active"

If it's empty, find out whether or not the kernal can actually handle NX processing:
# grep nx /proc/cpuinfo

If no values is returned, it's a no-go on the NX for your kernel.

By default DEP is enabled on Oracle Linux.
If DEP is not enabled, make sure "noexec=off" does not appear in /boot/grub/grub.conf



############## For Redhat Linux ###################

If you're running RedHat, and you want turn it on,
ensure that "kernel.exec-shield=1" appears in /etc/sysctl.conf.
(minus the double quotes)
Reboot the machine


For the Linux community.....

[viking60]

Thanks for clearing that up for us blogger3303 - and welcome

I have noticed that it is active in Manjaro too

Code: Select all

dmesg |grep NX

results in:

NX (Execute Disable) protection: active

Please do feel free to tell us about Oracle Linux since you have experience with it...

[dedanna1029]

Nice. Thanks!