Solaris Tunable Parameters Reference Manual

General Kernel Variables

noexec_user_stack

Description

Enables the stack to be marked as non-executable, which makes buffer-overflow attacks more difficult.

A Solaris system running a 64-bit kernel makes the stacks of all 64-bit applications non-executable by default. Setting this variable is necessary to make the stacks of 32-bit applications non-executable on systems running 64-bit or 32-bit kernels.


Note –

This variable exists on all systems running the Solaris 2.6, 7, or 8 releases, but it is only effective on sun4u, sun4m, and sun4d architectures.


Data Type

Signed integer

Default

0 (disabled)

Range

0 (disabled), 1 (enabled)

Units

Toggle (on/off)

Dynamic?

Yes. Does not affect currently running processes—only those created after the value is set.

Validation

None

When to Change

Should be enabled at all times unless applications are deliberately placing executable code on the stack without using mprotect(2) to make the stack executable.

Commitment Level

Unstable

Change History

See noexec_user_stack (Solaris 2.6 and 7 Releases) for more information.
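
One way to audit whether the variable is enabled at boot, as an added example that is not part of the manual. It assumes the variable is set in /etc/system using the syntax described in system(4); the function name noexec_stack_status is hypothetical.

```sh
#!/bin/sh
# Added example (not from the manual): report how an /etc/system-style file
# sets noexec_user_stack. Prints enabled | disabled | unset | invalid.
# Assumptions taken from system(4), not from this page: lines starting with
# '*' or '#' are comments, the syntax is "set symbol=value", and a later
# line overrides an earlier one.
noexec_stack_status() {
    file=${1:-/etc/system}
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    value=$(awk '
        /^[ \t]*[*#]/ { next }
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (line !~ /^set[ \t]+noexec_user_stack[ \t]*=/) next
            sub(/^set[ \t]+noexec_user_stack[ \t]*=[ \t]*/, "", line)
            sub(/[ \t]*$/, "", line)
            last = (line == "" ? "?" : line); seen = 1
        }
        END { if (seen) print last }
    ' "$file")
    case "$value" in
        "") echo "unset";    return 1 ;;  # kernel default applies: 0 (disabled)
        1)  echo "enabled";  return 0 ;;
        0)  echo "disabled"; return 1 ;;
        *)  echo "invalid";  return 1 ;;  # not a literal 0 or 1
    esac
}

# Constructed sample input, not a real system file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* set noexec_user_stack=1   (commented out, ignored)
set noexec_user_stack=0
set noexec_user_stack=1
EOF
printf 'sample: %s\n' "$(noexec_stack_status "$sample")"
rm -f "$sample"
```

The function only inspects the file. Because the variable is dynamic, the value in a running kernel can differ from the file until the next boot.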