On Thu, Sep 21, 2006 at 02:46:10PM +0400, Damir Shayhutdinov wrote:
> > $ fgrep -B6 kernel.exec-shield /etc/sysctl.conf
> > # Exec Shield bits:
> > #          0: off; vdso at STACK_TOP, 1 page below TASK_SIZE
> > #   (1<<0) 1: on [also on if !=0]
> > #   (1<<1) 2: noexecstack by default
> > #   (1<<2) 4: vdso just below .text of main (unless too low)
> > #   (1<<3) 8: vdso just below .text of PT_INTERP (unless too low)
> > kernel.exec-shield = 9
> 
> Кстати,  а per-application настройки exec shield можно как-нибудь сделать?

Конечно, можно.  Например, noexecstack настраивается посредством
ELF'ового заголовка PT_GNU_STACK.


-- 
ldv