On 4/23/06, Alistair John Strachan s0348365@sms.ed.ac.uk wrote:
My *guess* is that Windows x64 Edition will enforce DEP/NX for 64bit applications, but will do the same as XP SP2 for 32bit applications. That is, for 32bit applications, you can choose to enforce DEP/NX, and "whitelist" applications (selectively disabling DEP/NX), or have _only_ Windows component DLLs secured by DEP/NX (the default).
Ah, ok now I remember.
Linux, until 2.6.17-rc, also did this. Andi Kleen suggested on LKML that there are userspace tools for Linux which allow NX to be disabled per-binary at runtime, but I suspect such utilities would require privileges. It would be suboptimal to mandate their use with Wine.
Well I think that it would be a better policy to have such tools control the setting. It already seems to be out of the norm, seeing it was modified. I don't think it will happen often, unless we can find an actual common program. Now if it's safe to mark the entry point of an executable MEM_EXECUTE -- which probably is -- then I'm fine with that too.
Jesse