On Thu, Feb 28, 2002 at 09:52:14PM +1100, Rachel Polanskis wrote:
> On Thu, 28 Feb 2002, Scott Howard wrote:
>
> > (For what it's worth, I'm fairly certain that disabling execution of code
> > on the stack by putting "set noexec_user_stack=1" in /etc/system stops any
> > of the exploits for either the login or snmp bugs in their tracks)
>
> I'm pretty sure that Solaris 8 has this enabled by default!
Not quite - This setting as such is still disabled.
<<root@marvin />> adb -k
physmem de0e
noexec_user_stack/D
noexec_user_stack:
noexec_user_stack: 0
However from looking at the source is looks like exec stack is not allowed
for 64 bit apps :
from uts/common/os/exec.c :
if (p->p_model == DATAMODEL_LP64 || noexec_user_stack)
p->p_stkprot = PROT_ZFOD & ~PROT_EXEC;
else
p->p_stkprot = PROT_ZFOD;
The descrption of this feature in the source is :
/*
* Patching this variable to non-zero allows the system to run with
* stacks marked as "not executable". It's a bit of a kludge, but is
* provided as a tweakable for platforms that export those ABIs
* (e.g. sparc V8) that have executable stacks enabled by default.
* There are also some restrictions for platforms that don't actually
* implement 'noexec' protections.
*
* Once enabled, the system is (therefore) unable to provide a fully
* ABI-compliant execution environment, though practically speaking,
* most everything works. The exceptions are generally some interpreters
* and debuggers that create executable code on the stack and jump
* into it (without explicitly mprotecting the address range to include
* PROT_EXEC).
*
* One important class of applications that are disabled are those
* that have been transformed into malicious agents using one of the
* numerous "buffer overflow" attacks. See 4007890.
*/
int noexec_user_stack = 0;
int noexec_user_stack_log = 1;
Scott.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
