Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Buffer overflow prevention
From: "Matt D. Harris" <vesper () depraved org>
Date: Thu, 14 Aug 2003 16:09:16 -0400

Theo de Raadt wrote:
I believe the best protection (at this time) is to combine ProPolice with
a W^X technology.

Solaris 2.6 and above also support a kernel variable which can be set via /etc/system called "noexec_user_stack", which can make the stack for userland processes non-executable by default. Note that this behavior is the default for 64-bit binaries in Solaris 7, 8, and 9, and this kernel variable forces the behavior for 32-bit binaries. I run all sorts of odd software and have never had an issue with having this always turned on for all of my systems.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]