SUMMARY: code executtion from the stack

From: Leonid Massarskiy (
Date: Tue Oct 31 2000 - 14:22:02 CST

Thanks much to Casper Dik and Doug Winter for the following responses:

I have heard of no problems using this setting.

(Other than those I articfically concocted)

My question >Why doesn't Solaris come with this feature turned on? :-)

It does for 64 bit processes; the 32 bti ABI requires the stack to be

We've done it with a number of machines running a lot of Java 2 without
problems. Java used to do some jumping off the stack, but doesn't in v.2

Original post
> Hello Managers,
> In the Solaris security FAQ there is a suggestion to turn on
> the following kernel
> parameters:
> noexec_user_stack
> noexec_user_stack_log
> to prevent possible buffer overflow exploits. FAQ suggests
> using these options on a single
> purposed machine (i.e. a web server).
> I am just wondering if somebody's done this, and what the
> possible implications are for the
> programs that try ligitimately to run off the stack.
> In particular, I am interested in the systems running Apache
> web server with mod_ssl,
> mod_php, mod_gzip, and these parameters turned on.

U BEFORE POSTING please READ the FAQ located at
. and the list POLICY statement located at
A To submit questions/summaries to this list send your email message to:
A To unsubscribe from this list please send an email message to:
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:20 CDT