Oracle Solaris Tunable Parameters Reference Manual

noexec_user_stack

Description

Enables the stack to be marked as nonexecutable, which helps make buffer-overflow attacks more difficult.

A Solaris system running a 64-bit kernel makes the stacks of all 64-bit applications nonexecutable by default. Setting this parameter is necessary to make 32-bit applications nonexecutable on systems running 64-bit or 32-bit kernels.


Note –

This parameter exists on all systems running the Solaris 2.6, 7, 8, 9, or 10 releases, but it is only effective on 64–bit SPARC and AMD64 architectures.


Data Type

Signed integer

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Units

Toggle (on/off)

Dynamic?

Yes. Does not affect currently running processes, only processes created after the value is set.

Validation

None

When to Change

Should be enabled at all times unless applications are deliberately placing executable code on the stack without using mprotect to make the stack executable. For more information, see mprotect(2).

Commitment Level

Unstable

Change History

For information, see noexec_user_stack (Solaris 9 Releases).