Re: allow_execstack

On 06/06/2009 09:09 AM, "Stanisław T. Findeisen" wrote:
Look what I've found regarding stack execution:

=======================================================================
execstack :: As the name suggests, this error is raised if a program
tries to make its stack (or parts thereof) executable with an mprotect
call. This should never, ever be necessary. Stack memory is not
executable on most OSes these days and this won't change. Executable
stack memory is one of the biggest security problems. An execstack error
might in fact be most likely raised by malicious code.

http://people.redhat.com/drepper/selinux-mem.html
=======================================================================

$ cat /selinux/booleans/allow_execstack
1 1
$ cat /etc/redhat-release
Fedora release 10 (Cambridge)

I haven't changed this setting manually since system install so I guess
this is a bug in the Fedora policy?

BTW what does the 1st "1", and what does the 2nd "1" in
/selinux/booleans/allow_execstack stand for?

Thanks!
STF

=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: DFD9 0146 3794 9CF6 17EA D63F DBF5 8AA8 3B31 FE8A
=======================================================================

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Allow execstack was turned on by default in F10.

Note:
allow_execstack only affects unconfined domains. All confined domains are not allowed to execstack, even if the allow_execstack is set. The boolean should have been named unconfined_execstack.
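
The two numbers that `cat /selinux/booleans/allow_execstack` prints in the quoted message are the boolean's current value followed by its pending value (staged by a write, applied at the next commit). The shell function below is an added example, not part of either message; the helper name `bool_state` and its output format are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): decode an SELinux boolean file.
# selinuxfs reports each boolean as two integers, "<current> <pending>":
#   current = value in effect in the running policy
#   pending = value staged by a write and applied at the next commit

# bool_state FILE  (hypothetical helper name)
# Prints "current=<n> pending=<n> status=<committed|uncommitted>".
# Returns 0 on success, 1 if FILE is unreadable, 2 if it is malformed.
bool_state() {
    file=$1
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 1; }

    cur='' pend='' rest=''
    # The file may lack a trailing newline, in which case read returns
    # non-zero at EOF even though it filled the variables.
    read -r cur pend rest < "$file" || true

    # Both fields must be exactly 0 or 1, with nothing after them.
    for v in "$cur" "$pend"; do
        case $v in
            0|1) ;;
            *) echo "malformed: $file" >&2; return 2 ;;
        esac
    done
    [ -z "$rest" ] || { echo "malformed: $file" >&2; return 2; }

    if [ "$cur" = "$pend" ]; then
        status=committed
    else
        status=uncommitted   # a change is staged but not yet active
    fi
    echo "current=$cur pending=$pend status=$status"
}

# Run against a path given on the command line, e.g. the file from the
# quoted message: /selinux/booleans/allow_execstack
[ $# -eq 0 ] || bool_state "$1"
```

For the `1 1` shown in the quoted message this reports `current=1 pending=1 status=committed`: the boolean is on and no change is waiting to be committed.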

