On 06/06/2009 09:09 AM, "Stanisław T. Findeisen" wrote:
Look what I've found regarding stack execution:
=======================================================================
execstack :: As the name suggests, this error is raised if a program
tries to make its stack (or parts thereof) executable with an mprotect
call. This should never, ever be necessary. Stack memory is not
executable on most OSes these days and this won't change. Executable
stack memory is one of the biggest security problems. An execstack error
might in fact be most likely raised by malicious code.
http://people.redhat.com/drepper/selinux-mem.html
=======================================================================
$ cat /selinux/booleans/allow_execstack
1 1
$ cat /etc/redhat-release
Fedora release 10 (Cambridge)
I haven't changed this setting manually since system install so I guess
this is a bug in the Fedora policy?
BTW what does the 1st "1", and what does the 2nd "1" in
/selinux/booleans/allow_execstack stand for?
Thanks!
STF
=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: DFD9 0146 3794 9CF6 17EA D63F DBF5 8AA8 3B31 FE8A
=======================================================================
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Allow execstack was turned on by default in F10.
Note:
allow_execstack only affects unconfined domains. All confined domains
are not allowed to execstack, even if the allow_execstack is set. The
boolean should have been named unconfined_execstack.
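The mprotect call that the quoted text describes, written as a probe an administrator can run to see whether the current domain is permitted to make its stack executable. This is an added example, not part of either message; the names probe_execstack, page_base and classify_errno are made up for it, and treating EPERM as a denial alongside EACCES is an assumption to cover non-SELinux sandboxes.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

enum probe_result { EXECSTACK_ALLOWED = 0, EXECSTACK_DENIED = 1, PROBE_ERROR = -1 };

/* Round an address down to the start of its page (mprotect needs alignment). */
static uintptr_t page_base(uintptr_t addr, uintptr_t page_size)
{
    return addr & ~(page_size - 1);
}

/* Map the errno left by a failed mprotect() to a probe result. */
static enum probe_result classify_errno(int err)
{
    return (err == EACCES || err == EPERM) ? EXECSTACK_DENIED : PROBE_ERROR;
}

/* Ask the kernel for PROT_EXEC on the stack page holding a local variable.
 * Nothing is executed from the stack; only the permission change is tested. */
static enum probe_result probe_execstack(void)
{
    volatile char marker = 0;            /* lives on this thread's stack */
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0)
        return PROBE_ERROR;
    void *page = (void *)page_base((uintptr_t)&marker, (uintptr_t)ps);

    if (mprotect(page, (size_t)ps, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
        return classify_errno(errno);    /* denied by policy, or another error */

    /* Allowed: drop the execute bit again straight away. */
    if (mprotect(page, (size_t)ps, PROT_READ | PROT_WRITE) != 0)
        return PROBE_ERROR;
    return EXECSTACK_ALLOWED;
}

int main(void)
{
    enum probe_result r = probe_execstack();
    printf("executable stack: %s\n", r == EXECSTACK_ALLOWED ? "allowed" :
           r == EXECSTACK_DENIED ? "denied" : "probe error");
    return r == PROBE_ERROR ? 2 : (int)r;
}
```

The result reflects the domain the probe runs in, so an "allowed" from an unconfined shell says nothing about confined domains. On a denial, the AVC record in the audit log names the permission that was refused.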