Oracle® Solaris 11.2 Tunable Parameters Reference Manual

Exit Print View

Updated: December 2014
 
 

noexec_user_stack

Description

Enables the stack to be marked as nonexecutable, which helps make buffer-overflow attacks more difficult.

An Oracle Solaris system running a 64-bit kernel makes the stacks of all 64-bit applications nonexecutable by default. Setting this parameter is necessary to make 32-bit applications nonexecutable.

Data Type

Signed integer

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Units

Toggle (on/off)

Dynamic?

Yes. Does not affect currently running processes, only processes created after the value is set.

Validation

None

When to Change

Should be enabled at all times unless applications are deliberately placing executable code on the stack without using mprotect to make the stack executable. For more information, see mprotect (2) .

Commitment Level

Unstable