Interesting reading on exec* access checks.
Mike Hearn
mike at plan99.net
Tue Dec 13 17:03:34 UTC 2005
On Mon, 12 Dec 2005 12:27:07 -0500, Stephen Smalley wrote:
> exec-shield is a mechanism that approximates NX support, but does not
> define policy, so it cannot differentiate between a legitimate
> application request for executable memory from the same request induced
> by malicious code
I thought that in order to get malicious code into a running program with
any degree of reliability you need to know its VMA layout, and execshield
prevents that. So how can you do attacks like this with execshield enabled?
thanks -mike
More information about the fedora-selinux-list
mailing list