noexec_user_stack Parameter

Note:

Although noexec_user_stack is still operational, this parameter is deprecated in this Oracle Solaris release. Use the nxheap and nxstack security extensions instead. You can control and configure Oracle Solaris extensions at the system level and at the process level with the sxadm command. For procedures and examples that show the use of nxheap and nxstack, see Protecting the Process Heap and Executable Stacks From Compromise in Securing Systems and Attached Devices in Oracle Solaris 11.4. For more information about the sxadm command, see the sxadm(8) man page. For guidelines to secure and harden Oracle Solaris, see Oracle Solaris 11.4 Security and Hardening Guidelines.

Description

Enables the stack to be marked as nonexecutable, which helps make buffer-overflow attacks more difficult.

An Oracle Solaris system running a 64-bit kernel makes the stacks of all 64-bit applications nonexecutable by default. Setting this parameter is necessary to make the stacks of all 32-bit applications nonexecutable by default if they weren't linked with the nxstack security extensions flag. This parameter, together with noexec_user_stack_log, can be set in a file in the /etc/system.d directory. See Protecting the Process Heap and Executable Stacks From Compromise in Securing Systems and Attached Devices in Oracle Solaris 11.4.

Data Type

Signed integer

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Units

Toggle (on/off)

Dynamic?

Yes. Does not affect currently running processes, only processes created after the value is set.

Validation

None

When to Change

Should be enabled at all times unless applications are deliberately placing executable code on the stack without using mprotect to make the stack executable. For more information, see the mprotect(2) man page.

Commitment Level

Unstable
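
The following check is an added example, not part of the Oracle documentation. It reads the fragments in a /etc/system.d-style directory and reports whether noexec_user_stack and noexec_user_stack_log are in effect. It assumes the "set name=value" syntax of /etc/system, "*" or "#" comment lines, and that the last assignment in lexical file order wins; the function names and the sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit /etc/system.d-style fragments for the stack tunables.
# Assumptions: "set name=value" syntax, "*" or "#" comment lines, and the
# last assignment in lexical file order being the effective one.

# effective_value DIR PARAM -> prints the last value assigned to PARAM,
# or 0 (the documented default) when no fragment sets it.
effective_value() {
    dir=$1 param=$2 value=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        v=$(awk -v p="$param" '
            /^[*#]/ { next }                          # comment line
            $1 == "set" {
                line = $0
                sub(/^[ \t]*set[ \t]+/, "", line)     # drop the keyword
                gsub(/[ \t]/, "", line)               # tolerate "name = value"
                n = split(line, kv, "=")
                if (n == 2 && kv[1] == p) last = kv[2]
            }
            END { if (last != "") print last }' "$f")
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# audit_stack_protection DIR -> prints one status word; returns 0 only when
# the nonexecutable-stack setting is enabled and logging is enabled too.
audit_stack_protection() {
    stack=$(effective_value "$1" noexec_user_stack)
    log=$(effective_value "$1" noexec_user_stack_log)
    if [ "$stack" != 1 ]; then echo "disabled"; return 1; fi
    if [ "$log" != 1 ]; then echo "enabled-nolog"; return 2; fi
    echo "enabled-logged"
}

# Constructed sample fragments (not taken from a real system): a later
# fragment silently turns the setting back off.
demo=$(mktemp -d)
printf '%s\n' '* site hardening' 'set noexec_user_stack=1' > "$demo/10-hardening"
printf '%s\n' '# legacy app override' 'set noexec_user_stack = 0' \
    'set noexec_user_stack_log=1' > "$demo/50-legacyapp"
audit_stack_protection "$demo" || echo "review: setting is not in effect"
```

Because the parameter is dynamic only for newly created processes, a passing result describes the configuration at the next process start, not the state of processes that are already running.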