Interesting reading on exec* access checks.

Steve G linux_4ever at
Tue Dec 13 18:37:16 UTC 2005

>So how can you do attacks like this with execshield enabled?

I think the core idea is to have layers of protection so that if there ever was a
hole discovered in exec-shield, you still have another layer of defense. There's
at least 3 layers that I can see for people with local access: execshield, SE
Linux, and the gcc/glibc FORTIFY_SOURCE & stack protector options.


Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the fedora-selinux-list mailing list