I suppose this would apply to any operating system and not just Linux, but it seems most relevant to Linux because there is such a wide choice of operating systems, and a few of them are/have non-PAE versions.
I would ordinarily go for PAE versions because the CPUs on both of my computers support PAE, but LXLE, being designed for older hardware, has a non-PAE kernel to make it compatible with as many older CPUs as possible.
I was looking through dmesg and noticed this:
[ 0.000000] Notice: NX (Execute Disable) protection cannot be enabled in hardware: non-PAE kernel!
[ 0.000000] NX (Execute Disable) protection: approximated by x86 segment limits
So I searched the internet for information and found:
The NX bit, which stands for No-eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors, for security reasons.
An operating system with support for the NX bit may mark certain areas of memory as non-executable. The processor will then refuse to execute any code residing in these areas of memory. The general technique, known as executable space protection, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; this is known as a buffer overflow attack.
x86 memory segmentation...
In both real and protected modes the system uses 16-bit segment registers to derive the actual memory address. In real mode the registers CS, DS, SS, and ES point to the currently used program code segment (CS), the current data segment (DS), the current stack segment (SS), and one extra segment determined by the programmer (ES).
If I understand this correctly, with operating systems (/kernels) that use PAE support, NX (execute disable) protection is determined by the hardware (CPU), whereas with non-PAE operating systems (/kernels), NX protection is determined by the software (and "programmer").
I wouldn't think this would be a big deal for the average home user, or that it would mean that non-PAE Linux operating systems (/kernels) are insecure. I certainly have no plans to replace LXLE because of this, even though I could use something else that does support PAE instead.
But it does seem that it would mean that operating systems (/kernels) that do support PAE are more secure than non-PAE versions. So if there is a choice available, and your CPU does support PAE, it would make sense to go for the PAE rather than the non-PAE version of whatever operating system you decide to use.
To check whether your CPU supports PAE, open a terminal and run the following command.
sudo lshw | grep -i pae
Give the command a few seconds to run, as it has to gather information about the hardware. When it has finished and you are returned to the command prompt, if there was any output, then your CPU supports PAE.
al@puppypc:~$ sudo lshw | grep -i pae
[sudo] password for al:
capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt 3dnowext 3dnow up lahf_lm vmmcall cpufreq
al@puppypc:~$
Edited by Al1000, 09 February 2015 - 09:00 AM.
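Added example, not part of the original post: a small shell script that combines the two checks described above (the CPU's `pae`/`nx` flags and the kernel's NX boot message) into one verdict. The function names and verdict words are made up for this example, the sample data is constructed from the output quoted in the post, and the `protection: active` string is the message a kernel logs when hardware NX is in use.

```shell
#!/bin/sh
# Added example: classify NX enforcement from CPU flags plus kernel boot messages.

# Constructed samples, copied from the output quoted in the post above.
SAMPLE_FLAGS="fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt 3dnowext 3dnow up lahf_lm vmmcall cpufreq"
SAMPLE_LOG='[ 0.000000] Notice: NX (Execute Disable) protection cannot be enabled in hardware: non-PAE kernel!
[ 0.000000] NX (Execute Disable) protection: approximated by x86 segment limits'

# has_flag FLAG "FLAG LIST": whole-word match, so "nx" does not match "mmxext".
has_flag() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# nx_status "FLAG LIST" "BOOT LOG": prints one verdict word (hypothetical labels).
nx_status() {
    nxs_flags=$1
    nxs_log=$2
    if printf '%s\n' "$nxs_log" | grep -q 'NX (Execute Disable) protection: active'; then
        echo hardware                  # NX bit enforced by the CPU
    elif printf '%s\n' "$nxs_log" | grep -q 'approximated by x86 segment limits'; then
        if has_flag pae "$nxs_flags" && has_flag nx "$nxs_flags"; then
            echo emulated-cpu-capable  # a PAE kernel could use hardware NX here
        else
            echo emulated              # segment-limit approximation is all there is
        fi
    elif ! has_flag nx "$nxs_flags"; then
        echo unsupported-by-cpu
    else
        echo unknown                   # no NX line in the log supplied
    fi
}

# Live mode: sh nxcheck.sh --live   (reading dmesg may need root on some systems)
if [ "${1:-}" = "--live" ]; then
    live_flags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2)
    live_log=$(dmesg 2>/dev/null | grep 'NX (Execute Disable)')
    nx_status "$live_flags" "$live_log"
fi
```

For the machine in the post, the verdict is `emulated-cpu-capable`: the CPU advertises both `pae` and `nx`, but the non-PAE kernel falls back to the segment-limit approximation.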