Enable ExecShield
An XCCDF Group
Description
ExecShield describes kernel features that provide protection against exploitation of memory corruption errors such as buffer overflows. These features include random placement of the stack and other memory regions, prevention of execution in memory that should only hold data, and special handling of text buffers. These protections are enabled by default on 32-bit systems and controlled through the sysctl variables kernel.exec-shield and kernel.randomize_va_space. On the latest 64-bit systems, kernel.exec-shield cannot be enabled or disabled with sysctl.
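An audit check for the two sysctl variables named above, added here as an example and not part of the original benchmark content. The function name, the optional root-directory argument and the expected values (2 for kernel.randomize_va_space, 1 for kernel.exec-shield) are assumptions of this example; a kernel that exposes no kernel.exec-shield entry is reported as not applicable rather than failed.

```shell
#!/bin/sh
# check_execshield [PROC_SYS_ROOT]
#   PROC_SYS_ROOT defaults to /proc/sys. The argument is an assumption of this
#   example so the check can also be run against a constructed directory tree.
# Prints one line per setting; returns 0 only if no setting is flagged.
check_execshield() {
    root="${1:-/proc/sys}"
    rc=0

    # kernel.randomize_va_space: 0 = off, 1 = stack/mmap/vDSO, 2 = also the brk heap.
    # Expected value 2 is an assumption of this example.
    f="$root/kernel/randomize_va_space"
    if [ -r "$f" ]; then
        v=$(cat "$f")
        if [ "$v" = "2" ]; then
            echo "PASS kernel.randomize_va_space=$v"
        else
            echo "FAIL kernel.randomize_va_space=$v (expected 2)"
            rc=1
        fi
    else
        echo "FAIL kernel.randomize_va_space is not readable"
        rc=1
    fi

    # kernel.exec-shield: on the latest 64-bit systems it cannot be toggled with
    # sysctl, so a missing entry is reported as not applicable, not as a failure.
    # Expected value 1 is an assumption of this example.
    f="$root/kernel/exec-shield"
    if [ -r "$f" ]; then
        v=$(cat "$f")
        if [ "$v" = "1" ]; then
            echo "PASS kernel.exec-shield=$v"
        else
            echo "FAIL kernel.exec-shield=$v (expected 1)"
            rc=1
        fi
    else
        echo "N/A  kernel.exec-shield is not exposed by this kernel"
    fi

    return "$rc"
}
```

Call `check_execshield` with no arguments to audit the running kernel.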
- ID
- xccdf_org.ssgproject.content_group_enable_execshield_settings
- Child Items
- Updated