Interesting reading on exec* access checks.

Mike Hearn mike at
Tue Dec 13 17:03:34 UTC 2005

On Mon, 12 Dec 2005 12:27:07 -0500, Stephen Smalley wrote:
> exec-shield is a mechanism that approximates NX support, but does not
> define policy, so it cannot differentiate between a legitimate
> application request for executable memory from the same request induced
> by malicious code

I thought that in order to get malicious code into a running program with
any degree of reliability you need to know its VMA layout, and execshield
prevents that. So how can you do attacks like this with execshield enabled?

thanks -mike

More information about the fedora-selinux-list mailing list