SUMMARY: Is set noexec_user_stack=1 good enough

From: Johan Hartzenberg <>
Date: Tue Jun 19 2001 - 12:22:19 EDT
The Answer is NO.

Thanx to Justin Stringfellow (Sun Micro) for a Sun Doc.  The doc explains
the protection, but not the remaining vulnerabilities.

Thanx to Kennie Gutierrez,

With this setting you will not be totally protected, but for instance we
have recorded three differents attacks to exploit a buffer overflow on the
yppasswdd rpc service, they killed the process but could not do anything

Here I include an excerpt of the log file:

 yppasswdd[235]: [ID 467562 auth.error] yppasswdd: user
 @@@@@@@@  P" `"?-"?-"?-"? ; /bin/sh-c echo 'rje stream tcp nowait root
 /bin/sh sh -i'>z;/usr/sbin/inetd -s z;rm
 z;: does not exist

Thanks to those two setting we were safe.

> Is there any other system settings that would improve security?

There are various kernel setting related to TCP/IP to improve system


Thanx to Ice for


Thanx to John Leadeham for

There is a whole slew of online blueprints about security.

Thanx to Brett Lymn for

In short, no.  They make things more difficult because code cannot be
executed on the stack directly but it does not prevent the attacker
constructing call frames to library calls and jumping into the library
call.  A few calls and they have allocated some memory to run code in
and jumped to it.


 Johan Hartzenberg, UNIX Systems programmer, CSC Computer Sciences (South
Africa) Pty Ltd
Tel: +27 (21) 509 4621   or   083 6808398    Fax: 021 509 4677 = e-mail =
Received on Tue Jun 19 17:22:19 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:24:57 EDT