SUMMARY: code execution from the stack

From: Leonid Massarskiy (lmassars@mediapartnerships.com)
Date: Tue Oct 31 2000 - 14:22:02 CST


Thanks much to Casper Dik and Doug Winter for the following responses:

Casper
--------
I have heard of no problems using this setting.

(Other than those I artificially concocted)
--------

My question >Why doesn't Solaris come with this feature turned on? :-)

Casper
--------
It does for 64 bit processes; the 32 bit ABI requires the stack to be
executable.
--------

Doug
-----
We've done it with a number of machines running a lot of Java 2 without
problems. Java used to do some jumping off the stack, but doesn't in v.2
apparently.

Original post
-------------
> Hello Managers,
>
> In the Solaris security FAQ there is a suggestion to turn on
> the following kernel
> parameters:
> noexec_user_stack
> noexec_user_stack_log
> to prevent possible buffer overflow exploits. FAQ suggests
> using these options on a single
> purposed machine (i.e. a web server).
> I am just wondering if somebody's done this, and what the
> possible implications are for the
> programs that try legitimately to run off the stack.
> In particular, I am interested in the systems running Apache
> web server with mod_ssl,
> mod_php, mod_gzip, and these parameters turned on.
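
Added example (not part of the original thread): a small audit that reports whether the two parameters named in the question are enabled in an /etc/system-style file. It assumes the usual `set name=value` syntax with `*` or `#` comment lines and that the last assignment wins; the function names and the sample file contents are constructed for illustration.

```shell
# Constructed sample of /etc/system contents (not taken from a real host).
sample_system() {
    cat <<'EOF'
* constructed sample for the audit below
* set noexec_user_stack=0
set maxusers=256
set noexec_user_stack=1
set noexec_user_stack_log = 1
EOF
}

# check_noexec_stack [FILE]
# Reads FILE (or stdin) and prints one status line per parameter.
# Returns 0 only when both parameters are set to 1.
check_noexec_stack() {
    awk '
        /^[ \t]*[*#]/ { next }              # skip comment lines
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            gsub(/[ \t]/, "", line)         # tolerate "name = value"
            n = index(line, "=")
            if (n == 0) next
            name = substr(line, 1, n - 1)
            val  = substr(line, n + 1)
            if (name == "noexec_user_stack" || name == "noexec_user_stack_log")
                seen[name] = val            # assumption: last assignment wins
        }
        END {
            rc = 0
            split("noexec_user_stack noexec_user_stack_log", want, " ")
            for (i = 1; i <= 2; i++) {
                p = want[i]
                if (!(p in seen))        { print p ": not set"; rc = 1 }
                else if (seen[p] == "1") { print p ": enabled" }
                else                     { print p ": set to " seen[p]; rc = 1 }
            }
            exit rc
        }
    ' "$@"
}

# Demo on the constructed sample; on a real host: check_noexec_stack /etc/system
sample_system | check_noexec_stack
```

Settings in /etc/system are read at boot, so a change made there takes effect after the next reboot.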




This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:20 CDT