On Tue, 2009-03-17 at 17:49 +0100, Sebastian Pfaff wrote: > Does SELinux prevent exectution on the stack? If yes, how can i see > this. It would also be helpful, when i had an example which shows me a > denial of execstack (searching the log gave no results here). Or is > something wrong with my example? > I suppose, i have an wrong understanding adout how SELinux execstack > works. Please help to clarify this. The SELinux execstack check only comes into play if the process calls mprotect(...PROT_EXEC...) on the stack. It is just a policy control over the ability of the process to mark its stack executable. If the program was marked as requiring an executable stack, then that won't ever happen - the kernel will set it up accordingly from the beginning. http://people.redhat.com/drepper/selinux-mem.html -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
