Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
SRG-OS-000433-GPOS-00192
SRG-OS-000433-GPOS-00192
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-OS-000433-GPOS-00192
1 Rule
AlmaLinux OS 9 must implement nonexecutable data to protect its memory from unauthorized code execution.
Medium Severity
ExecShield uses the segmentation feature on all x86 systems to prevent execution in memory higher than a certain address. It writes an address as a limit in the code segment descriptor, to control where code can be executed, on a per-process basis. When the kernel places the memory regions of a process, such as the stack and heap, higher than this address, the hardware prevents execution in that address range.