3

I'm learning stack buffer overflow exploitation, and I later posted the question "Shellcode segmentation fault." about how executing shellcode from a test program, or when injected into a vulnerable program, causes a segmentation violation. Now I have found out that it might be caused by NX. When I searched for this in dmesg, I found this line:

[    0.000000] NX (Execute Disable) protection: active

So my question is how to disable the NX bit on Linux. I'm using Kali Linux 64-bit with the 4.18.0 kernel.

asdfghj
  • 39

1 Answer

4

You can disable NX globally on Linux by booting with noexec=off in the kernel command line:

noexec      [X86]
            On X86-32 available only on PAE configured kernels.
            noexec=on: enable non-executable mappings (default)
            noexec=off: disable non-executable mappings

noexec32    [X86-64]
            This affects only 32-bit executables.
            noexec32=on: enable non-executable mappings (default)
                read doesn't imply executable mappings
            noexec32=off: disable non-executable mappings
                read implies executable mappings

You can also disable NX for a process by setting the READ_IMPLIES_EXEC execution domain either via personality(2) or, on older kernels, by enabling an executable stack via PT_GNU_STACK. This isn't true for modern kernels which no longer set that execution domain when the stack is executable.

Commit 12230611 changed the behavior so setting PT_GNU_STACK to executable no longer marks every page as executable, and commit 9fccc5c0 made it such that removing PT_GNU_STACK only set all pages executable on systems that completely lack NX support, or on the ia32 architecture.

forest
  • 1,384
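
An added example (not part of the answer above, and not kernel or binutils code): a Python check that reads the PT_GNU_STACK program header the answer refers to and reports whether a binary requests an executable stack, so such binaries can be flagged in an audit. The names `gnu_stack_status` and `build_sample` are chosen here, and the sample images are constructed inline rather than taken from real binaries.

```python
import struct

PT_GNU_STACK = 0x6474E551  # p_type value from <elf.h>
PF_X = 0x1                 # p_flags bit: segment is executable

def gnu_stack_status(image: bytes) -> str:
    """Return 'executable', 'non-executable' or 'missing' for an ELF image."""
    if len(image) < 0x34 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] not in (1, 2) or image[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    is64 = image[4] == 2                   # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if image[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    try:
        if is64:
            (phoff,) = struct.unpack_from(end + "Q", image, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", image, 0x36)
            flags_at = 4                   # Elf64_Phdr: p_flags follows p_type
        else:
            (phoff,) = struct.unpack_from(end + "I", image, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", image, 0x2A)
            flags_at = 24                  # Elf32_Phdr: p_flags is the 7th word
        for i in range(phnum):
            base = phoff + i * phentsize
            (p_type,) = struct.unpack_from(end + "I", image, base)
            if p_type == PT_GNU_STACK:
                (p_flags,) = struct.unpack_from(end + "I", image, base + flags_at)
                return "executable" if p_flags & PF_X else "non-executable"
    except struct.error as exc:            # header or table runs past the data
        raise ValueError("truncated ELF image") from exc
    return "missing"

def build_sample(stack_flags, is64=True, p_type=PT_GNU_STACK):
    """Constructed sample: a bare ELF header plus one program header."""
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    if is64:
        ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", p_type, stack_flags, 0, 0, 0, 0, 0, 16)
    else:
        ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", p_type, 0, 0, 0, 0, 0, stack_flags, 16)
    return ehdr + phdr

if __name__ == "__main__":
    for label, img in (("RW stack, ELF64", build_sample(6)),
                       ("RWX stack, ELF64", build_sample(7)),
                       ("RWX stack, ELF32", build_sample(7, is64=False))):
        print(label, "->", gnu_stack_status(img))
```

A "missing" result is the case the answer ties to commit 9fccc5c0, and "executable" is the case it ties to commit 12230611.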