executable_stack man page on HP-UX

Printed from http://www.polarhome.com/service/man/?qf=executable_stack&af=0&tf=2&of=HP-UX

executable_stack(5)					   executable_stack(5)

NAME
       executable_stack	 -  controls  whether program stacks are executable by
       default

VALUES
   Failsafe
   Default
   Allowed values
   Recommended values
DESCRIPTION
       This tunable parameter controls whether program stacks  are  executable
       by  default.   It allows systems to be configured to have extra protec‐
       tion from stack buffer overflow attacks without sacrificing system per‐
       formance.   This class of attack very commonly attempts to trick privi‐
       leged programs into performing unauthorized actions or giving  unautho‐
       rized  access.  Background information on this type of attack is avail‐
       able on the web by searching  for  'Smashing  the  Stack	 for  Fun  and
       Profit.'

       The  majority of programs that run on HP-UX do not need to execute code
       located on their stacks.	 A  few	 programs,  notably  some  simulators,
       interpreters  and  older versions of Java, may have a legitimate reason
       to execute code from their stacks.  These programs typically have self-
       modifying  code.	 Using a combination of this tunable and the option of
       the command permits such executables to	function  without  sacrificing
       protection for the rest of the system.

       Refer  to the 'Restricting Execute Permission on Stacks' section of the
       chatr(1) manpage for more information before changing this tunable.

   Who is Expected to Change This Tunable?
       Anyone.

   Restrictions on Changing
       Changes to this tunable take effect for new processes started after the
       change.

   When Should the Value of This Tunable Be Changed?
       This  tunable  controls	operational  modes  rather than data structure
       sizes and limits.  The appropriate setting  for	a  system  depends  on
       whether you consider security or compatibility to be most important.

       A value of is compatible with previous releases of HP-UX, but it is the
       least secure.  This setting permits the execution of potentially	 mali‐
       cious code located on a program's stack.

       A  value	 of  provides warnings about any program attempting to execute
       code on its stacks, but does not alter the program's behavior.	Suspi‐
       cious  activity	is  logged  in	the  kernel's  message	buffers.  (See
       dmesg(1M).)  This is a 'trial mode' setting intended to	allow  you  to
       safely determine whether a tunable value of would affect any legitimate
       application.

       A tunable value of is the recommended setting on systems where a higher
       level of security is important.	This is essentially the same as a set‐
       ting of but it will also terminate any process that attempts to execute
       code  on	 its stacks.  The process will be terminated before the poten‐
       tially malicious code is executed.

   What Are the Side Effects of Changing the Value
       This tunable has no effect on system  behavior  unless  an  application
       attempts	 to  execute instructions located on its stacks.  The majority
       of HP-UX applications are not programmed to do this.

   What Other Tunable Values Should Be Changed at the Same Time?
       None.

WARNINGS
       All HP-UX kernel tunable parameters are release specific.  This parame‐
       ter  may	 be  removed or have its meaning changed in future releases of
       HP-UX.

       Installation of optional kernel software, from HP or other vendors, may
       cause  changes  to  tunable parameter values.  After installation, some
       tunable parameters may no longer be at the default or recommended  val‐
       ues.  For information about the effects of installation on tunable val‐
       ues, consult the documentation for the kernel software being installed.
       For  information	 about	optional  kernel  software  that  was  factory
       installed on your system, see at

AUTHOR
       was developed by HP.

			   Tunable Kernel Parameters	   executable_stack(5)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net