why the permission of the stack in process address space of linux is executive?

Question

The linux kernel sets the permission of statck of process to be executive. As we know, the stack contains data instead instructions gernerally, So I wonder the reason why the kenel does this. Especially, the buffer overflow attacks store the malicious code into the stack generally and execute it when it successfully exploit the system. if the permission of stack is not executive, the attack should be avoided, is this right? So in my opinion, to set the stack's permission to be executive is harmful, what's the real purpose of linux doing this even it's running a risk of buffer overflow attacking ?

Answer 1

The Linux kernel does support the NX bit on CPUs that have it. The support has been there since 2004.

Some distributions ship with kernels that don't enable the options required to use NX but that's more to do with the fact that setting those options (specifically, using PAE mode) will cause the OS to not boot on certain hardware.

That's why I tend to recompile my kernel rather than taking the default supplied in a distro. That way, I'm certain it's optimised for my hardware rather than just the general case.