Red Hat Knowledgebase

Article Reference

Article ID: 5875
Last update: 08-25-05
Issue:
What is ExecShield and what are some commands available to troubleshoot it?
Resolution:

ExecShield is a security modification to the Linux kernel that makes large parts of explicitly marked programs, including their stack, non-executable. This can reduce the potential damage of security issues such as buffer overflow exploits. The following URLs are whitepapers that describe ExecShield in more detail:

The following URL is an article from Red Hat Magazine with details on Limiting buffer overflows with ExecShield:

ExecShield is meant to be compatible with all applications. However, some false assumptions in an application's design can cause it to fail. The effects of the memory protection are easy to detect: the application will crash unless SIGSEGV handlers are installed and the signal is ignored, which is unusual.

The more likely candidate for subtle changes in behavior is the randomization of the address space. An application should not expect a fixed address for the heap, stack, mmap area, or a Dynamic Shared Object (DSO). This, and the different allocation strategy for mmap (now from top to bottom), could cause problems in various programs. It can be as simple as assuming the address of a DSO is higher than the address of the executable (e.g., negative pointer difference).

You can verify the presence of ExecShield memory protection using the following command.

execstack -q binary

To disable it permanently system-wide, there are two options.

  1. Add the following to /etc/sysctl.conf file:

    kernel.exec-shield = 0

    It can be made effective for the current session using the following command:

    sysctl -w kernel.exec-shield=0
  2. Alternatively, it can be disabled by appending the following to the kernel command line in the bootloader. The system needs to be rebooted for this change to take effect.

    exec-shield=0

    For example:

    title Red Hat Enterprise Linux AS (2.4.21-32.0.1.ELsmp)
            root (hd0,0)
            kernel /vmlinuz-2.4.21-32.0.1.ELsmp ro root=LABEL=/ exec-shield=0
            initrd /initrd-2.4.21-32.0.1.ELsmp.img

ExecShield randomizes virtual memory mappings, and this may confuse badly designed software. This can be disabled on individual processes for the current session using the following command:

setarch i386 cmd

The setarch command is used to create an alternate environment. You can read more about setarch by viewing the man page: man setarch.

