Ubuntu

Kernel seems to ignore noexec=off parameter

Asked by Vasilis

Hello everybody,

I'm running Ubuntu 10.04 32-bit 2.6.32-22-generic-pae kernel.

I need to boot into Ubuntu having the NX bit set forced OFF since even if i disabled execution protection from BIOS Ubuntu emulates it. (ref @ https://wiki.ubuntu.com/Security/Features#Non-Exec%20Memory)

As such, according to the kernel parameters from kernel.org (ref @ http://www.kernel.org/doc/Documentation/kernel-parameters.txt search for noexec) i am appending the following to parameters to my grub.cfg: noexec=off and noexec32=off

<grub.cfg snip>
menuentry 'Ubuntu, with Linux 2.6.32-22-generic-pae' --class ubuntu --class gnu-linux --class gnu --class os {
 recordfail
 insmod ext2
 set root='(hd0,1)'
 search --no-floppy --fs-uuid --set de69abbd-bd5d-455e-b4c0-be9ab0ed6037
 linux /boot/vmlinuz-2.6.32-22-generic-pae root=UUID=de69abbd-bd5d-455e-b4c0-be9ab0ed6037 ro crashkernel=384M-2G:64M,2G-:128M noexec=off noexec32=off
 initrd /boot/initrd.img-2.6.32-22-generic-pae
}
</grub.cfg snip>

However, the kernel seems to ignore those parameters and still boots with execution prevention enabled,

<var/log/syslog snip>
Jun 22 16:36:00 EL kernel: [ 0.000000] Using x86 segment limits to approximate NX protection
</var/log/syslog snip>

this is verified by running the NX regression test from http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/files/head%3A/scripts/kernel-security/nx/

./nx-test stack
data: 0x804a050
bss: 0x805a080
brk: 0x9edc008
rw: 0xb7827000
rwx: 0x60c000
stack: 0xbfec9fd8
Dump of /proc/self/maps:
0035f000-004b2000 r-xp 00000000 08:01 145283 /lib/tls/i686/cmov/libc-2.11.1.so
004b2000-004b3000 ---p 00153000 08:01 145283 /lib/tls/i686/cmov/libc-2.11.1.so
004b3000-004b5000 r--p 00153000 08:01 145283 /lib/tls/i686/cmov/libc-2.11.1.so
004b5000-004b6000 rw-p 00155000 08:01 145283 /lib/tls/i686/cmov/libc-2.11.1.so
004b6000-004b9000 rw-p 00000000 00:00 0
0060c000-0060d000 rwxp 00000000 00:00 0
008f1000-008f2000 r-xp 00000000 00:00 0 [vdso]
00a62000-00a7d000 r-xp 00000000 08:01 2350 /lib/ld-2.11.1.so
00a7d000-00a7e000 r--p 0001a000 08:01 2350 /lib/ld-2.11.1.so
00a7e000-00a7f000 rw-p 0001b000 08:01 2350 /lib/ld-2.11.1.so
08048000-08049000 r-xp 00000000 08:01 1443777 /home/vasilis/Downloads/nx/nx-test
08049000-0804a000 r--p 00000000 08:01 1443777 /home/vasilis/Downloads/nx/nx-test
0804a000-0804b000 rw-p 00001000 08:01 1443777 /home/vasilis/Downloads/nx/nx-test
0804b000-0805b000 rw-p 00000000 00:00 0
09edc000-09efe000 rw-p 00000000 00:00 0 [heap]
b7815000-b7816000 rw-p 00000000 00:00 0
b7826000-b782b000 rw-p 00000000 00:00 0
bfeb6000-bfecb000 rw-p 00000000 00:00 0 [stack]
Attempting to execute function at 0xbfec9fe4
If this program seg-faults, the region was enforced as non-executable...
Segmentation fault
...

Any help will be seriously appreciated !!!
Thanks
V.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

log a bug

Can you help with this problem?

Provide an answer of your own, or ask Vasilis for more information if necessary.

To post a message you must log in.