SUMMARY: /etc/system commands

From: Christopher L. Barnard <>
Date: Tue Oct 08 2002 - 14:21:54 EDT
I asked:

For Solaris 7 and Solaris 8, one of the basic security hardening steps 
is to put the following two lines into /etc/system to make the stack

set noexec_user_stack=1
set noexec_user_stack_log=1

I am wondering if these /etc/system commands will work with an older OS
(Solaris 2.6) or with a newer OS (Solaris 9).  If anyone can confirm that
these do what they should do and don't cause the server to die a painful
death when added, I would be much appreciative.

TIA, and I will summarize.

The answer:

go for it.  It has been part of the Solaris kernel since 2.6, and is
actually the default starting with Solaris 9 (although adding it will not
hurt anything).  Several people said that errors or unsupported entries in 
the /etc/system are not harmful at all -- the server will simply report on
bootup that there are unsupported entries in the /etc/system file and then
ignore them.

Thanks to:
Rob Warren <>
Matt Harris <>
Lyndon Tiu <>
Casper Dik <Casper.Dik@Sun.COM>
Rick Kelly <>
"Stout, Noelette" <>
"Fiamingo, Frank" <>
"Patrick L. Nolan" <pln@razzle.Stanford.EDU>
"Konstantin Orekhov" <>
"Kevin Buterbaugh" <>
Justin Stringfellow <js70062@ms-egmp02-01.UK.Sun.COM>

| Christopher L. Barnard         O     When I was a boy I was told that |
|         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
|                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
sunmanagers mailing list
Received on Tue Oct 8 14:24:56 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:56 EST