Details
Execshield is made up of a number of kernel features to provide protection against buffer overflow attacks. These features include prevention of execution in memory data space, and special handling of text buffers.
Rationale:
Enabling any feature that can protect against buffer overflow attacks enhances the security of the system.
Solution
Add the following line to the /etc/sysctl.conf file.
kernel.exec-shield = 1
Default Value:
OS Default: Yes
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.