How to Enable and Disable Linux ExecShield Buffer Overflows Protection

What is ExecShield?

ExecShield is a security patch for the Linux kernel that helps protect against worms and other problems.

Exec Shield is a project that got started at Red Hat, Inc in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a security patch for the Linux kernel that adds an NX bit to x86 CPUs. While the Exec Shield project has had many other components, some people refer to this first patch as Exec Shield.



Disable ExecShield protection

Log in as root and type the following command:
# sysctl -w kernel.exec-shield=0

To keep it disabled system-wide across reboots, add the following line to the /etc/sysctl.conf file:
# vi /etc/sysctl.conf
Append the following line:
kernel.exec-shield=0

Save and close the file.

Note:

I don't recommend disabling ExecShield protection.


There is also a simple way to disable ExecShield protection via the GRUB loader.

You can disable the protection by appending the following parameter to the kernel line in the GRUB bootloader configuration:

# vi /etc/grub.conf
Modify the kernel line and append the exec-shield=0 parameter as follows:
kernel /vmlinuz-2.6.8 ro root=LABEL=/ exec-shield=0
Save and close the file.

Enable ExecShield Protection Against Buffer Overflows

Open your /etc/sysctl.conf file:

# vi /etc/sysctl.conf
Add the following lines:

kernel.exec-shield = 1
kernel.randomize_va_space = 1

Save and close the file.
The first line enables ExecShield protection and the second line enables random placement of virtual memory regions.

To load the sysctl settings without a reboot, type this command:
# sysctl -p
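
To confirm that neither of the disable methods described above is still in effect, the following added example (not part of the original article) reads a sysctl.conf-style file and a kernel command line and reports whether kernel.exec-shield or kernel.randomize_va_space is missing or set to 0, or whether exec-shield=0 is on the boot line. The function names and the sample input are constructed for illustration, and treating a key that is absent from the file as a finding is an assumption of this example.

```shell
#!/bin/sh
# Added example with hypothetical helper names; not from the original article.

# sysctl_conf_value FILE KEY: print the last value assigned to KEY in FILE.
# sysctl -p applies lines in order, so a later assignment overrides an earlier one.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                  # not a key=value line
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)     # "key = value" and "key=value" both occur
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_execshield CONF CMDLINE: returns 0 only when both keys are set to a
# non-zero value in CONF and CMDLINE does not carry exec-shield=0.
audit_execshield() {
    ae_rc=0
    for ae_key in kernel.exec-shield kernel.randomize_va_space; do
        ae_val=$(sysctl_conf_value "$1" "$ae_key")
        case $ae_val in
            "") echo "MISSING  $ae_key is not set in $1"; ae_rc=1 ;;
            0)  echo "DISABLED $ae_key = 0"; ae_rc=1 ;;
            *)  echo "OK       $ae_key = $ae_val" ;;
        esac
    done
    case " $2 " in
        *" exec-shield=0 "*) echo "DISABLED exec-shield=0 on kernel command line"; ae_rc=1 ;;
    esac
    return "$ae_rc"
}

# Constructed sample input: the enable lines, followed by a leftover disable line.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample sysctl.conf
kernel.exec-shield = 1
kernel.randomize_va_space = 1
kernel.exec-shield=0
EOF
audit_execshield "$demo_conf" "ro root=LABEL=/ exec-shield=0" || echo "Findings above need fixing."
rm -f "$demo_conf"
```

On a live system, pass /etc/sysctl.conf as the first argument and "$(cat /proc/cmdline)" as the second.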
