On Thu, 6 Jan 2005, Florian Groß wrote:
> Mathieu Bouchard wrote:
> > 2. Are there any OS'es that block execution of data-segments? IIRC, the
> > i386-family supports such permission flags, but I don't know which OS'es
> > use it for real. (Linux doesn't...)
> 
> Isn't N^X all about that?

What's this N^X thing? Is that the hot new way to say UNIX? Or is it the
way to say *NIX as an obscure echo to AT&T/Lucent litigations, all the
while trying not to sound like an old fart? Anyway "N^X" to me looks like
nothing at all, and I'd label it plain skriptkiddie-talk if it weren't
generally an insult. I don't even want to know where the "^" comes from.

Anyway, what do you mean by "all about"... UNIX brought a whole slew of
things over 35 years... it's not like any feature of UNIX really defines
UNIX; and not even many features are typical of UNIX, especially as most
other OS'es have implemented them since.

Besides, permission bits on segments aren't a defining feature of any OS,
it's just a feature of some CPU's, that the OS may give an interface to or
not.

What I meant by "Linux doesn't" is that data segments are executable by
default. I wanted to know which OS'es default to non-executable, and which
of those OS'es don't allow executable segments at all.

> It seems to be quite a hot thing for protecting against stack
> overflows right now.

Hmmm?... I guess you mean protecting against unchecked overflow of buffers
that are stack-allocated?... sounds like a useful trick, though I'm not
well-versed enough in security to know whether that's practically useful,
or just another paranoid compulsion.

Else, if I read you literally, then no, it doesn't do anything about
stack-overflows, nor does it help.

_____________________________________________________________________
Mathieu Bouchard -=- Montréal QC Canada -=- http://artengine.ca/matju