On Mon, 12 Dec 2005 12:27:07 -0500, Stephen Smalley wrote:
exec-shield is a mechanism that approximates NX support, but does
not
define policy, so it cannot differentiate between a legitimate
application request for executable memory from the same request induced
by malicious code
I thought that in order to get malicious code into a running program with
any degree of reliability you need to know its VMA layout, and execshield
prevents that. So how can you do attacks like this with execshield enabled?
thanks -mike