I'm trying to figure out if the stock kernels for Centos-6 and/or Centos-7 have ExecShield compiled in, and if so, if it is turned on by default.
On my local C7 box I've been looking at/for indicators without a lot of success:
/usr/lib/sysctl.d/00-system.conf does not mention ExecShield at all.
/proc/sys/kernel has no entries for exec_shield.
No mention of execshield in any of the files in /etc/grub.d.
So, as far as I can see, there are no settings that I would expect to force ExecShield to an ON setting.
I DO see, in /proc/sys/kernel, a file named randomize_va_space, and it contains a value of "2".
I've been googling (well, actually DuckDuckGo-ing) and most of the articles I find regarding ExecShield are 3-10 years old.
I'd appreciate pointers/guides/info on ExecShield in C6 or C7.
Thanks in advance!
Fred
On Tue, Sep 29, 2015 at 7:37 AM, Fred Smith fredex@fcshome.stoneham.ma.us wrote:
> I'm trying to figure out if the stock kernels for Centos-6 and/or Centos-7 have ExecShield compiled in, and if so, if it is turned on by default.
According to what I've read, Exec Shield is enabled in CentOS-6 and -7 by default. In CentOS-6, you can see it by:
sysctl -a | grep -i shield
The sysctl command also allows you to disable it. But in CentOS-7 you cannot change it any more.
Akemi
On Tue, Sep 29, 2015 at 08:49:21AM -0700, Akemi Yagi wrote:
> On Tue, Sep 29, 2015 at 7:37 AM, Fred Smith fredex@fcshome.stoneham.ma.us wrote:
>> I'm trying to figure out if the stock kernels for Centos-6 and/or Centos-7 have ExecShield compiled in, and if so, if it is turned on by default.
> According to what I've read, Exec Shield is enabled in CentOS-6 and -7 by default. In CentOS-6, you can see it by:
> sysctl -a | grep -i shield
> The sysctl command also allows you to disable it. But in CentOS-7 you cannot change it any more.
> Akemi
Thanks, Akemi!
I've also realized that if you have No Execute (NX) or Execute Disable (XD) protection enabled in your BIOS, you can't access the kernel.exec-shield sysctl parameter.
[root@centos7 ~]# dmesg | grep '[NX|DX]*protection'
[ 0.000000] NX (Execute Disable) protection: active
[root@centos7 ~]# sysctl kernel.exec-shield
sysctl: cannot stat /proc/sys/kernel/exec-shield: No such file or directory
On Tue, Sep 29, 2015 at 7:47 PM, Fred Smith fredex@fcshome.stoneham.ma.us wrote:
> On Tue, Sep 29, 2015 at 08:49:21AM -0700, Akemi Yagi wrote:
>> On Tue, Sep 29, 2015 at 7:37 AM, Fred Smith fredex@fcshome.stoneham.ma.us wrote:
>>> I'm trying to figure out if the stock kernels for Centos-6 and/or Centos-7 have ExecShield compiled in, and if so, if it is turned on by default.
>> According to what I've read, Exec Shield is enabled in CentOS-6 and -7 by default. In CentOS-6, you can see it by:
>> sysctl -a | grep -i shield
>> The sysctl command also allows you to disable it. But in CentOS-7 you cannot change it any more.
>> Akemi
> Thanks, Akemi!
> --
> ---- Fred Smith -- fredex@fcshome.stoneham.ma.us
> The Lord detests the way of the wicked but he loves those who pursue righteousness.
> ----------------------------- Proverbs 15:9 (niv)
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
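The checks discussed in this thread (the exec-shield sysctl, randomize_va_space, and the NX flag) gathered into one script, as an added example that is not part of any message in the thread. PROC_ROOT and the function names are assumptions of this sketch; PROC_ROOT defaults to /proc and exists only so the checks can be run against a copied or constructed tree.

```shell
#!/bin/sh
# Added example: report NX, Exec Shield tunable and ASLR state from procfs.
# PROC_ROOT is an assumption of this sketch (not a kernel or sysctl setting);
# it defaults to the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# "present" when the first CPU's flags line lists nx as a whole word.
nx_state() {
    if grep -m1 '^flags' "$PROC_ROOT/cpuinfo" 2>/dev/null | grep -qw nx; then
        echo "present"
    else
        echo "absent"
    fi
}

# A missing file (the "cannot stat" case in the CentOS 7 session in the thread)
# is reported separately from a tunable that exists, whatever its value.
exec_shield_state() {
    f="$PROC_ROOT/sys/kernel/exec-shield"
    if [ -r "$f" ]; then
        echo "tunable=$(cat "$f")"
    else
        echo "no-tunable"
    fi
}

# Meaning of kernel.randomize_va_space values per the kernel sysctl docs.
aslr_state() {
    f="$PROC_ROOT/sys/kernel/randomize_va_space"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    case "$(cat "$f")" in
        0) echo "off" ;;
        1) echo "partial" ;;   # stack, mmap base and VDSO randomized
        2) echo "full" ;;      # as 1, plus heap (brk) randomization
        *) echo "unknown" ;;
    esac
}

report() {
    echo "nx=$(nx_state) exec_shield=$(exec_shield_state) aslr=$(aslr_state)"
}

report
```

A value of "2" in randomize_va_space, as in the first message, is reported as aslr=full.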