Abstract
NX (No eXecute) is a hardware mechanism that prevents malicious code from executing by marking data pages as non-executable. This paper analyses the NX implementation in the latest Linux kernel. First, it introduces the NX feature of x86 processors and describes, for a processor running in protected mode with Physical Address Extension (PAE) enabled, how the feature is detected and enabled and how it actually protects pages. Second, it analyses how the latest Linux 2.6.11.7 kernel detects and enables NX, summarises the new page-protection functions, and explains the page-fault handling process. Finally, it summarises the advantages of implementing NX and points out the problems it may introduce.
"No eXecute" (NX) is a hardware feature used to block the execution of malicious code by marking data pages as non-executable. The NX implementation in the latest Linux kernel is analysed in this paper. First, the NX capability of x86 processors is presented, together with the method for detecting and enabling this security capability in protected mode when Physical Address Extension is enabled, and the actual protection mechanism is given. Second, the detection and startup procedure in Linux kernel 2.6.11.7 is analysed, and the new page-protection functions and the page fault exception handling procedure are given. Finally, advantages and possible problems are summarised.
Source
《现代电子技术》
2006, Issue 4, pp. 30-32 (3 pages)
Modern Electronics Technique