How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
For a description of the security risks of 32-bit executable stacks, see Protecting the Process Heap and Executable Stacks From Compromise.
You must assume the root
role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
Troubleshooting: If your nxstack
setting is ignored, remove the noexec_user_stack
and noexec_user_stack_log
system variables from the /etc/system
file. Then, enable the nxstack
security extension again.
If you disable noexec_user_stack
in the /etc/system
file but do not remove the entry, binaries that are tagged continue to be protected. This tagged-files
configuration allows binaries that can only succeed when their stack is executable to succeed, while protecting most executable stacks from malicious code. For more information, see nxstack and noexec_user_stack Compatibility.