Sh wrote:
> I'm running Solaris 10 snv_38 on intel I've set up in my /etc/system
> the follwing options
>
> set noexec_user_stack=1 set noexec_user_stack_log=1
>
> Then I rebooted the system and tried the simpliest buffer overflow
> exploit-example .And It worked! Why so?It is because only sparc has
> protection or I'm doing something wrong?
As Jim Carlson already pointed out, this only applies to CPU types that
can support this feature (sparc and amd64).
Also, note that this is effective against many but not all types of
buffer overflow attacks. What it does is disable execution of code on
the stack. So if your attack overwrites the return address to point to
code contained in the overflow data itself (the simplest form of stack
buffer overflow attack), this feature will stop it from executing.
However, if you overwrite the return address to point elsewhere in the
program's code (including libraries), this setting will not prevent the
attack.
Scott
