>ppgsz(1) or mpss.so.1(1) can set preferred page size for >existing (ppgsz) or new (both) processes. > >Is there anything that can similarly remove execute permission >from the stack of 32-bit processes, without do so on a system-wide >basis (i.e. without putting set noexec_user_stack=1 in /etc/system)?
Without relinking, you mean? If you can relink the program, there's -M /usr/lib/ld/map.noexstk >It strikes me that something like that might be good with high risk >programs like browsers, that are often still 32-bit, and usually >have a shell wrapper anyway. We use this in many consolidations: % pmap `pgrep firefox`|grep stack E60FA000 8K rw--R [ stack tid=2846 ] F727A000 8K rw--R [ stack tid=14 ] F74F8000 16K rw--R [ stack tid=13 ] F7AF8000 16K rw--R [ stack tid=7 ] F83FA000 8K rw--R [ stack tid=2858 ] FA5FA000 8K rw--R [ stack tid=5 ] FA6FA000 8K rw--R [ stack tid=4 ] FABFA000 8K rw--R [ stack tid=3 ] FACFA000 8K rw--R [ stack tid=2 ] FFB9C000 400K rw--- [ stack ] FFBFC000 16K rw--- [ stack ] You can detect such programs using "elfdump"; you'll find a Program header similar to this: Program Header[5]: p_vaddr: 0 p_flags: [ PF_W PF_R ] <- RW, no N! p_paddr: 0 p_type: [ PT_SUNWSTACK ] p_filesz: 0 p_memsz: 0 p_offset: 0 p_align: 0 Casper _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org