allow_execstack
"Stanisław T. Findeisen"
sf181257 at students.mimuw.edu.pl
Sat Jun 6 13:09:16 UTC 2009
Look what I've found regarding stack execution:
=======================================================================
execstack :: As the name suggests, this error is raised if a program
tries to make its stack (or parts thereof) executable with an mprotect
call. This should never, ever be necessary. Stack memory is not
executable on most OSes these days and this won't change. Executable
stack memory is one of the biggest security problems. An execstack error
might in fact be most likely raised by malicious code.
http://people.redhat.com/drepper/selinux-mem.html
=======================================================================
$ cat /selinux/booleans/allow_execstack
1 1
$ cat /etc/redhat-release
Fedora release 10 (Cambridge)
I haven't changed this setting manually since system install so I guess
this is a bug in the Fedora policy?
BTW what does the 1st "1", and what does the 2nd "1" in
/selinux/booleans/allow_execstack stand for?
Thanks!
STF
=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: DFD9 0146 3794 9CF6 17EA D63F DBF5 8AA8 3B31 FE8A
=======================================================================
More information about the selinux
mailing list