Interesting reading on exec* access checks.
Steve G
linux_4ever at yahoo.com
Tue Dec 13 18:37:16 UTC 2005
>So how can you do attacks like this with execshield enabled?
I think the core idea is to have layers of protection so that if there ever was a
hole discovered in exec-shield, you still have another layer of defense. There's
at least 3 layers that I can see for people with local access: execshield, SE
Linux, and the gcc/glibc FORTIFY_SOURCE & stack protector options.
-Steve
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the selinux
mailing list