On Tue, 13 Jul 2010, Török Edwin <edwintorok@xxxxxxxxx> wrote: > If I can change the mapping from RW <-> RX, then the mapping is > writable only for a brief period (DB reload), so an exploit can't take > advantage of the RWX mapping (since there is no RWX mapping). > Thats better than allowing 'execmem' for the entire process, isn't it? That sounds like a good benefit. -- russell@xxxxxxxxxxxx http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
