Solaris Tunable Parameters Reference Manual

General Kernel Variables

noexec_user_stack (Solaris 2.6 and Solaris 7 Releases)

Description

Introduced in the Solaris 2.6 release to allow the stack to be marked as non-executable. This helps make buffer-overflow attacks more difficult.

In the Solaris 2.6 release, the value does not affect threaded applications. All 64-bit Solaris applications effectively make all stacks non-executable irrespective of the setting of this variable.


Note -

This variable exists on all systems running Solaris 2.6 or later, but it is only effective on sun4u, sun4m, and sun4d architectures.


Data Type

Signed integer

Default

0 (disabled)

Range

0 (disabled), 1 (enabled)

Units

Toggle (on/off)

Dynamic?

Yes. Does not affect currently running processes--only those created after the value is set.

Validation

None

When to Change

Should be enabled at all times unless applications are deliberately placing executable code on the stack without using mprotect(2) to make the stack executable.

Commitment Level

Unstable