patrol at sinus.cz
Fri Mar 26 14:32:35 CST 2004
> >> Put this into your /etc/rc.local
> >> echo "0" > /proc/sys/kernel/exec-shield
> > Just out of curiosity, what *is* that file, and what does it do?
> Under UNIX everything is a file, this is 'just' a file to which the kernel
> listens. Everything in /proc and and /sys (2.6 kernel) are variables or
> monitors for the kernel and kernel-modules.
> There is some special kernel patch called "execution shield" which checks if
> a program behaves 'correctly'. Wine triggers this 'shield' very often. It
> is a non-standard patch, but is included in the RedHat kernels by default.
> This command is to disable it.
BTW, this command disables the exec-shield functionality for all the processes
running on the system, which may be a bit unwise...
There is a command called setarch, which allows to disable exec-shield on a
per-proces basis. Simply call "setarch i586 wine <arguments>" and it will start
wine with exec-shield disabled, while other processes will still be protected
I'm not using Redhat/Fedora, but I patched my kernel with exec-shield to improve
system security; I'm running wine from a simple wrapper called swine :-)) (for
"setarch wine") and I have no problem with it...
WIth regards, Pavel Troller
More information about the wine-users