Interesting reading on exec* access checks.
Stephen Smalley
sds at tycho.nsa.gov
Tue Dec 13 18:37:22 UTC 2005
On Tue, 2005-12-13 at 17:03 +0000, Mike Hearn wrote:
> On Mon, 12 Dec 2005 12:27:07 -0500, Stephen Smalley wrote:
> > exec-shield is a mechanism that approximates NX support, but does not
> > define policy, so it cannot differentiate between a legitimate
> > application request for executable memory from the same request induced
> > by malicious code
>
> I thought that in order to get malicious code into a running program with
> any degree of reliability you need to know its VMA layout, and execshield
> prevents that. So how can you do attacks like this with execshield enabled?
http://www.stanford.edu/~blp/papers/asrandom.pdf
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list