[CentOS] ExecShield in C6 or C7 kernels?

On Tue, Sep 29, 2015 at 08:49:21AM -0700, Akemi Yagi wrote: · Mon Oct 5 06:33:29 UTC 2015

I've also realized if you have No Execute(NX) or Execute Disable(XD)
protection enabled in your BIOS, you can't access kernel.exec-shield sysctl
parameter.

[root at centos7 ~]# dmesg | grep '[NX|DX]*protection'
[    0.000000] NX (Execute Disable) protection: active

[root at centos7 ~]# sysctl kernel.exec-shield
sysctl: cannot stat /proc/sys/kernel/exec-shield: No such file or directory

On Tue, Sep 29, 2015 at 7:47 PM, Fred Smith <fredex at fcshome.stoneham.ma.us>
wrote:

> On Tue, Sep 29, 2015 at 08:49:21AM -0700, Akemi Yagi wrote:
> > On Tue, Sep 29, 2015 at 7:37 AM, Fred Smith
> > <fredex at fcshome.stoneham.ma.us> wrote:
> > > I'm trying to figure out if the stock kernels for Centos-6 and/or
> Centos-7
> > > have ExecShield compiled in, and if so, if it is turned on by default.
> >
> > According to what I've read, Exec Shield is enabled in CentOS-6 and -7
> > by default. In CentOS-6, you can see it by:
> >
> > sysctl -a | grep -i shield
> >
> > The sysctl command also allows you to disable it. But in CentOS-7 you
> > cannot change it any more.
> >
> > Akemi
>
>
> Thanks, Akemi!
>
> --
> ---- Fred Smith -- fredex at fcshome.stoneham.ma.us
> -----------------------------
>                     The Lord detests the way of the wicked
>                   but he loves those who pursue righteousness.
> ----------------------------- Proverbs 15:9 (niv)
> -----------------------------
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

-- 
*James Oguya*