NX bit
NX stands for "no execute", a technology used in CPUs such as Sun's SPARC, Transmeta's Efficeon, and newer 64-bit x86 processors to prevent code from being executed on areas of memory flagged with an NX bit. This feature significantly lowers the probability of attackers successfully exploiting buffer overflows and increases overall system security.
An operating system with the ability to emulate and/or take advantage of an NX bit may prevent the stack and heap from being executable, and may prevent executable memory from being writable. This helps to prevent certain buffer overflow exploits from succeeding, particularly those that inject and execute code, such as the Sasser and Blaster worms. These attacks rely on some part of memory, usually the stack, to be both writable and executable; if it is not, the attack fails.
This technology is implemented in different ways by different operating systems. As of June 2004, Red Hat kernel developer Ingo Molnar had released a Linux kernel patch named Exec-shield to fully utilize the NX bit on supporting CPUs from Intel, AMD, Transmeta and VIA. For CPUs that do not support a hardware NX bit, such as the 32-bit x86 processor family, a kernel patch named PaX can emulate NX functionality. However, the Linux kernel does not ship with PaX, which must be installed manually. Microsoft plans to support NX capabilities in Windows XP Service Pack 2 and Longhorn. Finally, the OpenBSD project supports software NX through W^X, which also supports hardware NX on Alpha, AMD64, HPPA, and SPARC processors.
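The property the paragraphs above describe (no region of memory is both writable and executable, and the stack and heap in particular are not executable) can be checked from user space on Linux by reading a process's memory map. The following is an added example written for this article, not code from the Linux kernel, Exec-shield, PaX or OpenBSD; it parses the /proc/<pid>/maps format and flags W^X violations. The sample map text is constructed for illustration, and the read_own_maps helper is an assumption that the script runs on a system that exposes /proc.

```python
import re
from typing import Dict, List

# Constructed sample of /proc/<pid>/maps lines for illustration; not captured
# from a real process. Two regions are deliberately marked rwx so the checks
# below have something to report.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/example
00651000-00652000 r--p 00051000 08:01 1234 /usr/bin/example
00652000-00653000 rw-p 00052000 08:01 1234 /usr/bin/example
01a00000-01a21000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0
7ffd5e000000-7ffd5e021000 rwxp 00000000 00:00 0 [stack]
7ffd5e3f0000-7ffd5e3f2000 r-xp 00000000 00:00 0 [vdso]
"""

# Format of one maps line: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+\S+\s+\S+\s+\S+\s*(.*)$"
)


def parse_maps(text: str) -> List[Dict]:
    """Parse maps text into a list of region dicts; unparseable lines are skipped."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        start, end, perms, path = m.groups()
        regions.append({
            "start": int(start, 16),
            "end": int(end, 16),
            "perms": perms,
            "path": path.strip(),
        })
    return regions


def wx_violations(regions: List[Dict]) -> List[Dict]:
    """Regions that are both writable and executable (W^X violated)."""
    return [r for r in regions if "w" in r["perms"] and "x" in r["perms"]]


def executable_stack_or_heap(regions: List[Dict]) -> List[Dict]:
    """Stack or heap regions mapped executable, which NX enforcement should prevent."""
    return [r for r in regions
            if r["path"] in ("[stack]", "[heap]") and "x" in r["perms"]]


def audit(text: str) -> Dict[str, List[Dict]]:
    """Run both checks over maps text and return the offending regions."""
    regions = parse_maps(text)
    return {
        "wx": wx_violations(regions),
        "exec_stack_heap": executable_stack_or_heap(regions),
    }


def read_own_maps() -> str:
    """Assumption: the script runs on a Linux system exposing /proc/self/maps."""
    with open("/proc/self/maps") as f:
        return f.read()


if __name__ == "__main__":
    # Audit the constructed sample; on a live system replace SAMPLE_MAPS with
    # read_own_maps() to inspect the interpreter's own address space.
    result = audit(SAMPLE_MAPS)
    for r in result["wx"]:
        print(f"W^X violation: {r['start']:#x}-{r['end']:#x} {r['perms']} {r['path']}")
    for r in result["exec_stack_heap"]:
        print(f"executable {r['path']}: {r['start']:#x}-{r['end']:#x} {r['perms']}")
```

On a kernel and CPU with NX in effect, a well-behaved process shows its stack and heap as rw-p and its code as r-xp, so both lists come back empty; a JIT or an older loader that needs an executable stack will show up in the first list and is worth investigating rather than silently accepted.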
External links
- CPU-Based Security: The NX Bit
- OpenBSD 3.3 Release
- Exec-Shield Homepage
- PaX Homepage
- Transmeta To Add 'NX' Antivirus Feature To Chips
- AMD, Intel put antivirus tech into chips
- Microsoft Interviewed on Trustworthy Computing and NX