How to Disable Programs From Using Executable Stacks - Securing Files and Verifying File Integrity in Oracle® Solaris 11.2

Securing Files and Verifying File Integrity in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Securing Files and Verifying File Integrity in ... » Controlling Access to Files » Protecting Files » How to Disable Programs From Using Executable ...

Updated: July 2014

Securing Files and Verifying File Integrity in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Controlling Access to Files

Chapter 2 Verifying File Integrity by Using BART

Security Glossary

Language:

How to Disable Programs From Using Executable Stacks

For a description of the security risks of 32-bit executable stacks, see Protecting Executable Files From Compromising Security.

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

Edit the /etc/system file, and add the following lines:

# pfedit /etc/system
...
set noexec_user_stack=1
set noexec_user_stack_log=1

Reboot the system.
```
# reboot
```

Example 1-7 Disabling the Logging of Executable Stack Messages

In this example, the administrator disables logging of executable stack messages, then reboots the system.

# cat /etc/system
set noexec_user_stack=1
set noexec_user_stack_log=0
# reboot

See also

For more information, read the following:

Copyright © 2002, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices