Linux gets trial 'NX' security support
Intel and Red Hat released prototype software to let Linux support the "no execute" security technology--and Linus Torvalds has endorsed it as a high priority even if it ruffles some feathers.
The security technology, called NX for "no execute," is built into several "x86" processors from Intel, AMD and Transmeta. The technology is designed to block vulnerabilities that viruses and worms use to spread, but operating system support is required for NX to work.
Get Up to Speed on... Open source Get the latest headlines and company-specific news in our expanded GUTS section. | ||||
On Wednesday, Red Hat programmer Ingo Molnar announced a Linux patch for NX support based on a prototype from Intel.
Microsoft's Windows will support the NX technology when Service Pack 2 arrives, expected in the third quarter.
In a discussion on the Linux kernel mailing list after Molnar posted the patch, Linux founder and leader Linus Torvalds asked how many programs wouldn't work using with NX enabled. On hearing the number was low, he then said, "It sounds like we should just have NX on by default."
NX support is important enough that it's worth risking problems with some applications, Torvalds said. "I think most people have seen the security disaster that causes most of the e-mails on the Net to be spam. So this should be trivial to explain to people when they complain about default behavior breaking their strange legacy app," Torvalds argued.
Although the vast majority of Intel's processors run Windows, the company has been supporting Linux as well. In addition to the NX work, Intel this year released prototype wireless network support--albeit nearly a year after full-fledged support was available in Windows.
Programmers working for the chipmaker have contributed to several other Linux projects, including support for Itanium processors and Universal Serial Bus (USB) hardware.