Interesting reading on exec* access checks.

Mike Hearn mike at
Tue Dec 13 20:38:42 UTC 2005

On Tue, 13 Dec 2005 13:37:22 -0500, Stephen Smalley wrote:
>> I thought that in order to get malicious code into a running program with
>> any degree of reliability you need to know its VMA layout, and execshield
>> prevents that. So how can you do attacks like this with execshield enabled?

Interesting paper, thanks. I guess that answers my question pretty well.

It's nice to know it's still (mostly) effective on 64 bit systems though.

thanks -mike

More information about the fedora-selinux-list mailing list