linux-rt does not provide hardware NX protection
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-rt (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Hi,
here is the problem:
$ dmesg | grep NX
[ 0.000000] Using x86 segment limits to approximate NX protection
[...]
And indeed, PAE, which is necessary to have NX protection, is not set in the kernel config:
$ grep PAE /boot/config-
[nothing]
This contrasts with linux-image-
$ dmesg | grep NX
[ 0.000000] NX (Execute Disable) protection: active
[...]
$ grep PAE /boot/config-
CONFIG_X86_PAE=y
So currently I have to choose between increased security and low latency (my choice is security).
How about providing a linux-rt-pae kernel flavor ?
ProblemType: Bug
Architecture: i386
Date: Mon Oct 12 10:30:17 2009
DistroRelease: Ubuntu 9.10
Package: linux-image-
ProcVersionSign
SourcePackage: linux-rt
Uname: Linux 2.6.31-7-rt i686
XsessionErrors:
(polkit-
(gnome-
Changed in linux-rt (Ubuntu): | |
status: | New → Confirmed |
Changed in linux-rt (Ubuntu): | |
status: | Confirmed → Fix Released |
Laurent,
Unfortunately there is no way to add a flavour (-PAE) for rt kernel in Karmic so if your still interested we'll could address that issue for Lucid (Ubuntu 10.04).
Thanks!