AMD64 NX (no execute) flag... possible use for increased server security?

AMD Opteron and Athlon 64 processors have a no execute bit flag, called the NX flag, which enables the processor to set a bit that labels data in memory as to whether or not it is executable. It's usable on both Windows and Linux operating systems.

This seems somewhat similar to setting the /tmp folder in Linux to be noexec for security purposes. Looks like this "NX flag" may have potential for increasing server security.

Any comments? Think this feature of the AMD64 CPUs may have the potential to help increase server security?

I'm not sure, but maybe this NX flag could have been used to help protect against things like the JPEG buffer overflow vulnerability from a while back...


(By the way, this is my first post on WHT... been reading the forums here for a while... seems to be a great site and community!)

 

 

 

 

Top