Hi there,
I've a question about "exec-shield", pratically, in some servers SELinux
it's Disabled, but I see that "exec-shield" is enabled:
******************************************
[root@app12trnr TSCM]# sysctl -a|grep -i exec
kernel.exec-shield = 1
[root@app12trnr TSCM]# sestatus
SELinux status: disabled
******************************************
- Now, the question is: also if SELinux is Disabled, the
exec-shield works normally? And if the answer is "yes", with wich criteria
the exec-shield block an application to write on memory?
- Because I think that only SELinux can manage "exec-shield" for
decide with wich criteria can block something to write on memory. Because I
saw that there is "process object class" with some permissions that specify
proper "execheap, execstack, and go on" for manage "allow/deny".
I hope I was clear with the question.
Thanks in advance,
Maurizio Pagani