Re: [Valgrind-developers] debugging valgrind

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Julian Seward wrote:
>>>and with NX-aware processores and kernels it will no longer work.
>>
>>I'm no expert on that stuff, but I believe that GCC just turns off the
>>no-exec functionality in such systems in these cases.  Nasty, huh?
> 
> 
> If the NX functionality is turnable-offable from user-space, how can it 
> have any value as a security enhancement mechanism?
> 
> /me suspects /me has misunderstood something.

The NX feature should harden your application against 
buffer-overflows[1]. But NX is a protection against remote exploits, not 
against locale exploits. If an attacker has sucessfully injected (and 
executed) code into your system, he has already won, there is no need to 
turn off NX :)

And of course you can't switch off NX for files you don't have write 
access to (it's encoded in the header of the files, not in your 
~/.nxconf ;) ).

> 
> J
> 

Sebastian

[1] Note that NX without address space randomization is almost useless, 
but that's another story.