From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.54)
	id 1FQBKP-0000Z2-0j
	for garchives@archives.gentoo.org; Sun, 02 Apr 2006 22:45:49 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.6/8.13.5) with SMTP id k32Mj7cZ031190;
	Sun, 2 Apr 2006 22:45:07 GMT
Received: from smtp.gentoo.org (smtp.gentoo.org [134.68.220.30])
	by robin.gentoo.org (8.13.6/8.13.5) with ESMTP id k32McpFm009576
	for <gentoo-user@lists.gentoo.org>; Sun, 2 Apr 2006 22:38:51 GMT
Received: from mailout1.igs.net ([216.58.97.34])
	by smtp.gentoo.org with esmtp (Exim 4.54)
	id 1FQBDf-00010f-2Q
	for gentoo-user@lists.gentoo.org; Sun, 02 Apr 2006 22:38:51 +0000
Received: from waltdnes.org (i216-58-20-69.cybersurf.com [216.58.20.69])
	by mailout1.igs.net (Postfix) with SMTP id 7D7C25A6B
	for <gentoo-user@gentoo.org>; Sun,  2 Apr 2006 18:38:50 -0400 (EDT)
Received: by waltdnes.org (sSMTP sendmail emulation); Sun,  2 Apr 2006 18:38:52 -0400
From: "Walter Dnes" <waltdnes@waltdnes.org>
Date: Sun, 2 Apr 2006 18:38:52 -0400
To: Gentoo Users List <gentoo-user@lists.gentoo.org>
Subject: [gentoo-user] Activating NX-bit on AMD64, solved (I think), and a warning.
Message-ID: <20060402223852.GC16754@waltdnes.org>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.11
X-Archives-Salt: a519d81f-7a58-44a7-8497-7cea907995c8
X-Archives-Hash: 9c1a5297a73e4a0a7b009285013f0376

  A few days ago, I asked how to do it.  I stumbled across the answer
whilst browsing Google on an entirely different topic.  The answer is to
add the parameters "noexec=on" and "noexec32=on" to the boot line.  I've
added it via "append" lines in /etc/lilo.conf

#
# Linux bootable partition config begins
#
image = /boot/kernel-2.6-production
	root = /dev/sda1
	label = Production
	read-only # read-only for checking
	append = "noexec=on noexec32=on"

image = /boot/kernel-2.6-experimental
        root = /dev/sda1
        label = Experimental
        read-only # read-only for checking
	append = "noexec=on noexec32=on"

#
# Linux bootable partition config ends
#

  And now for the unrelated part, and the warning.  I was reading up on
GRUB, in case I decide to go 64-bit mode in the near future.  Apparently,
GRUB will *NOT* install if noexec/noexec32 are enabled.  You have to
turn them off before installing GRUB.

-- 
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list