Ubuntu

Use PAE kernel when hardware supports it

Registered by Kees Cook on 2008-11-19

Default 32bit Ubuntu installs lack support for the "nx" bit, which leaves the bulk of installs vulnerable to code execution attacks in writable memory (stack, heap). 64bit kernels have PAE mode enabled, which allows for the "nx" bit to work. The -server flavor of the 32bit kernel provides PAE mode for hardware that supports it. As such, the goal of this blueprint is to have Ubuntu determine the CPU capabilities, and choose the most protective kernel.
- rename -server and/or -generic so that people wanting >4G physical memory will install it on desktops without confusion.
- modify DVD/alternate installer to detect CPU capabilities and choose the correct kernel
- modify jockey to detect CPU capabilities and recommend installing the correct kernel
- have jockey scream loudly when nx is disabled on 64bit or 32bit+PAE
- modify system-cleaner to suggest removal of -generic when -server is installed and running

Blueprint information

Status:: Complete

Approver:: Kees Cook

Priority:: Undefined

Drafter:: None

Direction:: Needs approval

Assignee:: None

Definition:: New

Series goal:: None

Implementation:: Implemented

Milestone target:: None

Started by: Pete Graner on 2009-11-30

Completed by: Pete Graner on 2009-11-30

Related branches

Related bugs

Sprints

Whiteboard

Implemented with the PAE kernel in karmic --pgraner

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Ante Karamatić

Ben Collins

Colin Watson

Jamie Strandboge

Joseph Salisbury

Kees Cook

Laurent Bonnaud

Leann Ogasawara

Martin Pitt

Nicolas Valcarcel

Oliver Grawert

Pete Graner

Steffen Rusitschka

Tim Gardner