PROT_EXEC mmap/mprotect, i386 PAE + NX broken, x86-64 2.6.17-rc2

Alistair John Strachan s0348365 at
Sun Apr 23 10:48:58 CDT 2006

On Sunday 23 April 2006 16:35, Jesse Allen wrote:
> On 4/22/06, Alistair John Strachan <s0348365 at> wrote:
> > On Saturday 22 April 2006 18:38, Jesse Allen wrote:
> > [snip]
> >
> > > It has MEM_EXECUTE correctly set. I think that loader should be
> > > considered buggy.
> >
> > This executable works on Windows, therefore it should work in Wine. It's
> > really that simple. If Windows doesn't enforce DEP/NX, neither should
> > Wine. Or, at the very least, it should be configurable.
> What about x86-64 versions of Windows? I think it allows you to turn
> it on and off, but we should find out. I still think the modified
> executable is buggy, but if Windows does it, we could do it too.

My *guess* is that Windows x64 Edition will enforce DEP/NX for 64bit 
applications, but will do the same as XP SP2 for 32bit applications. That is, 
for 32bit applications, you can choose to enforce DEP/NX, and "whitelist" 
applications (selectively disabling DEP/NX), or have _only_ Windows component 
DLLs secured by DEP/NX (the default).

Linux, until 2.6.17-rc, also did this. Andi Kleen suggested on LKML that there 
are userspace tools for Linux which allow NX to be disabled per-binary at 
runtime, but I suspect such utilities would require privileges. It would be 
suboptimal to mandate their use with Wine.


Third year Computer Science undergraduate.
1F2 55 South Clerk Street, Edinburgh, UK.

More information about the wine-devel mailing list