Use PAE kernel when hardware supports it

Registered by Kees Cook on 2008-11-19

Default 32bit Ubuntu installs lack support for the "nx" bit, which leaves the bulk of installs vulnerable to code execution attacks in writable memory (stack, heap). 64bit kernels have PAE mode enabled, which allows for the "nx" bit to work. The -server flavor of the 32bit kernel provides PAE mode for hardware that supports it. As such, the goal of this blueprint is to have Ubuntu determine the CPU capabilities, and choose the most protective kernel.
 - rename -server and/or -generic so that people wanting >4G physical memory will install it on desktops without confusion.
 - modify DVD/alternate installer to detect CPU capabilities and choose the correct kernel
 - modify jockey to detect CPU capabilities and recommend installing the correct kernel
 - have jockey scream loudly when nx is disabled on 64bit or 32bit+PAE
 - modify system-cleaner to suggest removal of -generic when -server is installed and running

Blueprint information

Status:
Complete
Approver:
Kees Cook
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
New
Series goal:
None
Implementation:
Implemented
Milestone target:
None
Started by
Pete Graner on 2009-11-30
Completed by
Pete Graner on 2009-11-30

Related branches

Whiteboard

Implemented with the PAE kernel in karmic --pgraner

(?)

Work Items