Projects / noexec

noexec

noexec is a package for preventing a process from exec'ing another process. It can be a useful security measure to prevent a user from escaping to a shell. It may be able to prevent some kinds of CGI exploits.

Tags
Licenses
Operating Systems
Implementation

Recent releases

  •  22 Jan 2004 14:06

    Release Notes: More exec* functions are now trapped. Two new platforms were tested: FreeBSD and NetBSD.

    •  16 Jun 2003 15:07

      No changes have been submitted for this release.

      Recent comments

      24 Jan 2004 23:10 valery_reznic

      Re: Uhm

      > I'd like to point out that many if not
      > most buffer overflow
      > attacks call the syscall for execve
      > directly, which this
      > won't protect against. Only the kernel
      > can protect
      > against that.


      I agree, but "may-be-more-secure" is the only side-effect, noit main feature. Main feature is prevent execve usage.

      Valery

      22 Jan 2004 06:51 perj

      Uhm
      I'd like to point out that many if not most buffer overflow
      attacks call the syscall for execve directly, which this
      won't protect against. Only the kernel can protect
      against that.

      Screenshot

      Project Spotlight

      OpenStack4j

      A Fluent OpenStack client API for Java.

      Screenshot

      Project Spotlight

      TurnKey TWiki Appliance

      A TWiki appliance that is easy to use and lightweight.