Linux vendor Red Hat has added another weapon to fight virus exploits, a patched Linux kernel that takes advantage of the NX security protocol.
“It addresses one of the most common security exploits for viruses,” Red Hat spokesperson Leigh Day told internetnews.com.
NX security makes use of the NX x86-based feature in AMD’s 64-bit CPUs as well as processors from Intel and Transmeta.
AMD, Intel and Transmeta have also announced NX support for Microsoft’s upcoming Windows XP Service Pack 2 update, a security feature that is a combination of hardware and Microsoft’s Execution Protection software.
Red Hat programmer Ingo Molnar wrote in a public post that the new patch will ensure the Linux kernel has full support for the hardware feature. “The pagetable format of current x86 CPUs does not have an ‘execute’ bit. This means that even if an application maps a memory area without PROT_EXEC, the CPU will still allow code to be executed in this memory,” Molnar wrote. “This property is often abused by exploits when they manage to inject hostile code into this memory, for example via a buffer overflow.”
In a nutshell, NX security adds a “do not execute” bit, which prevents a worm or attacking virus from executing its payload. “Furthermore, the patch also implements ‘NX protection’ for kernelspace code,” Molnar wrote. “Only the kernel code and modules are executable – so even kernel-space overflows are harder (in some cases, impossible) to exploit.”
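The behaviour Molnar describes can be checked on a running system. The probe below is an added example, not code from the article, Red Hat or the kernel patch: a child process maps an anonymous page read/write, stores a single return instruction in it and calls it. With the no-execute bit enforced the call on the non-PROT_EXEC page is killed by a signal; once the same page is mprotect()ed to PROT_EXEC the instruction runs and the child exits normally. It assumes Linux on x86 or AArch64 and a compiler that provides __builtin___clear_cache.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

/* Encoding of a bare "ret" for the architectures this probe knows about. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_INSN[] = { 0xC3 };
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xC0, 0x03, 0x5F, 0xD6 };
#else
#error "unsupported architecture"
#endif

/* Fork a child that maps an anonymous page, stores one "ret" in it and calls
 * it. make_executable selects whether the page is first mprotect()ed to
 * PROT_EXEC. Returns 1 if the child was killed by a signal (the call was
 * blocked), 0 if the call returned normally, -1 on setup failure. */
int probe_page_execution(int make_executable)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        size_t pgsz = (size_t)sysconf(_SC_PAGESIZE);
        void *page = mmap(NULL, pgsz, PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (page == MAP_FAILED) _exit(2);
        memcpy(page, RET_INSN, sizeof RET_INSN);
        /* keep the instruction cache coherent on architectures that need it */
        __builtin___clear_cache((char *)page, (char *)page + sizeof RET_INSN);
        if (make_executable && mprotect(page, pgsz, PROT_READ | PROT_EXEC) != 0) _exit(2);
        void (*fn)(void) = (void (*)(void))(uintptr_t)page;
        fn();   /* with NX enforced this faults on the read/write-only page */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status)) return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    printf("NX on a PROT_READ|PROT_WRITE page: %s\n",
           probe_page_execution(0) == 1 ? "enforced" : "NOT enforced");
    printf("PROT_EXEC page runs normally: %s\n",
           probe_page_execution(1) == 0 ? "yes" : "no");
    return 0;
}
```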
Red Hat has now moved to implement and deploy the technology. Day said the NX Security patch is now available in its Fedora Core 2 developer version.
NX Security is slated to be incorporated in the release version of Fedora Core 3 next quarter, the next Red Hat Enterprise 3 update this year, and the Red Hat Enterprise 4 release, expected next year.
“It sounds like we should just have NX on by default,” Linux creator Linus Torvalds wrote in a public post. “I think most people have seen the security disaster that causes most of the emails on the net to be spam. So this should be trivial to explain to people when they complain about default [behavior] breaking their strange legacy app.”
The patch is based on an earlier prototype that was written by Intel.