On Tue, 2005-12-13 at 17:03 +0000, Mike Hearn wrote: > On Mon, 12 Dec 2005 12:27:07 -0500, Stephen Smalley wrote: > > exec-shield is a mechanism that approximates NX support, but does not > > define policy, so it cannot differentiate between a legitimate > > application request for executable memory from the same request induced > > by malicious code > > I thought that in order to get malicious code into a running program with > any degree of reliability you need to know its VMA layout, and execshield > prevents that. So how can you do attacks like this with execshield enabled? http://www.stanford.edu/~blp/papers/asrandom.pdf -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
