Защита от внедренного кода.

Обсуждение в разделе «Защита ОС: антивирусы, фаерволы, антишпионы», начал(-а) EP025, 15.03.2016.

  1. EP025

    EP025 New Member

    Регистрация:
    1.01.2016
    Сообщения:
    25
    Одобрения:
    2
    Репутация:
    0
    Всем привет! Ребят, кто-нибудь в курсе, как можно убрать NX-bit/XD-bit?(встроенная защита процессора для предотвращения выполнения данных как кода)
    Советов по его отключению я так и не нашел, лишь кучу формулировок о описаний.
    Я читал, что можно его отключить через BIOS, но настройки устройств в BIOS'e отсутствуют.
    Может быть есть какие-нибудь программы для изменения настроек?
    ________________
    Ось: Linux Ubuntu 14.04 x86
    Процессор: Intel Atom CPU N570 @1.66 GHz
     
  2. DooD

    DooD Elder - Старейшина

    Регистрация:
    30.09.2010
    Сообщения:
    1 115
    Одобрения:
    314
    Репутация:
    167
    - make sure you have a CPU that has the NX feature. Such CPUs are:
    all 64-bit variants of AMD (Athlon64, Opteron), future CPUs of
    Intel, Transmeta and VIA. (NOTE: 64-bit x86_64 kernels already
    make use of the 64-bit variant of the NX feature - this patch
    is only meant for 32-bit x86 kernels and distributions.)

    - double-check that your distribution supports the PT_GNU_STACK feature.
    This is a method to mark application stacks as executable or
    non-executable. A fair portion of overflow bugs are on the stack so you
    really want non-exec stacks. The NX feature will still work if you apply
    the patch but its effect will be limited. Distributions that have the
    PT_GNU_STACK feature are [surprise :)] Fedora Core 1 and 2, RHEL3, SuSE
    Linux 9.1, Mandrake Linux 10 and the development branch of Debian.

    The following oneliner helps to determine whether PT_GNU_STACK is utilized
    by your distribution:

    readelf -l /bin/cat | grep STACK

    if it displays a line like:

    STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4

    then your distribution makes use of PT_GNU_STACK and properly marks
    executables.

    if there's no line displayed or the line says 'RWE' instead of 'RW'
    then the applications are not marked properly.

    - download the patch:

    http://redhat.com/~mingo/nx-patches/nx-2.6.7-rc2-bk2-AE

    - apply the patch to your 2.6.7-rc2-bk2 kernel:

    patch -p1 < nx-2.6.7-rc2-bk2-AE

    - enable CONFIG_HIGHMEM64G in the .config.

    - recompile the kernel and install it - reboot into the new kernel. No
    additional configuration is needed.

    - upon bootup, if your CPU supports NX, you should see this boot message:

    NX (Execute Disable) protection: active

    - your applications are covered by NX protection from this point on.
    If an application defines a noexec stack then the kernel will enforce
    this executability, and all attempts to execute on the stack will be
    prevented by the hardware. Furthermore, the kernel will deny execution
    of its data structures as well, protecting against certain types of
    kernel-space exploits.

    - [ if you want to turn NX off then you can pass the noexec=off boot
    option to the kernel. ]
     
    Это одобряет EP025.
Загрузка...