1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
documentation_complete: true
title: |-
Enable Execute Disable (XD) or No Execute (NX) Support on
x86 Systems
description: |-
Recent processors in the x86 family support the
ability to prevent code execution on a per memory page basis.
Generically and on AMD processors, this ability is called No
Execute (NX), while on Intel processors it is called Execute
Disable (XD). This ability can help prevent exploitation of buffer
overflow vulnerabilities and should be activated whenever possible.
Extra steps must be taken to ensure that this protection is
enabled, particularly on 32-bit x86 systems. Other processors, such
as Itanium and POWER, have included such support since inception
and the standard kernel for those platforms supports the
feature. This is enabled by default on the latest Oracle Linux, Red Hat and
Fedora systems if supported by the hardware.
|
