Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Threaded applications and "execmem" privilege
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 28 Nov 2005 09:31:17 -0500
Hmm...take a look at:
That alters the mmap call to only apply PROT_EXEC when the binary is marked as requiring an executable stack or the binary lacks marking (I assume that execstack -q `which host` shows - /usr/bin/host). That change is dated Sep 24 2003, and further changes have occurred since that time. How old is the Debian libc? On Fedora, I do not encounter such execmem denials on host, dig, etc. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 28 Nov 2005 - 09:28:01 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |