25 May
2006
25 May
'06
08:56
On Wed, 24 May 2006, Arjen de Korte wrote:
Being well known for years already, a Google search on for instance 'circumvent noexec' will give you plenty of pointers where to look. The basic idea behind the noexec flag may be nice, but there are so many loopholes around it, that the amount of applications that it breaks are really not worth all the trouble.
I think this is a little contentious. The important question is not whether noexec *can* be circumvented, but whether it *is* circumvented by a typical script-kiddie's exploit. If noexec stops some exploits working then you have gained a valuable extra layer of security. People's mileage will vary depending on what applications they run, you shouldn't assume one size fits all. Bob