Is noexec_user_stack supported in Solaris x86?
No. You can set it but it won’t do anything on Intel. On SPARC, it prevents execution of code that was placed on the stack. This is a popular technique used to gain unauthorized root access to systems, locally or remotely, by executing arbitrary code as root. This is possible with poorly-written programs that have missing overflow checks. To enable stack protection, add the following to /etc/system and reboot: set noexec_user_stack = 1 set noexec_user_stack_log = 1 Unfortuntely it’s ignored on the Intel Architecture, because it doesn’t have the concept of pages having execute permissions. (SPARC and AMD’s Opteron do, so it’s possible that a future release of Solaris x86 may support it when running on certain AMD CPU’s, but not on Intel ones.) This feature has been the default beginning with Solaris 9. [Thanks to Alan Coopersmith] Copyright 1997 – 2004 Dan Anderson. All rights reserved. http://sun.drydog.
