DragonFly has had NX (Non-eXecutable) support for some time. It’s now on by default for read operations in DragonFly master – not the current release. You can step it up to level 2, for write operations, with a loader tunable, but it may cause issues with dports.
One Reply to “NX on by default for reads”
Comments are closed.
>Suggested-by: Theo de Raadt
Nice to see some cooperation between BSDs. My understanding is that NX helps prevents attackers doing ROP, but indeed it might not work nicely with JIT compilers used by many languages (which is why it’s more difficult to do NX on writeable pages, since that’s what JIT compilers use).