Casper.Dik at Sun.COM wrote: > >Mike Kupfer writes: > >> should be considered. (I can't remember if Solaris prevents execution > >> out of the stack by default. If it does, this is less of a concern.) > > > >On systems where such a thing is possible, it's done by default. Not > >all CPUs can actually do that, though. > > On 32 bit SPARC it's allowed by default beccause it's required by the > ABI.
What about setting the matching flag in /etc/system by default to make the stack non-executable for 32bit SPARC and provide something similar to /usr/lib/0 at 0.so.1 to allow the usage of applications which need an executable stack ? The idea is to provide a "default configuration" which is "secure", similar to the networking "secure by default" project (yes, I know... someone could complain about the backwards-compatibility of such a default setting - however the networking "secure by default" putback broke many things "by default", too). ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland.mainz at nrubsig.org \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 7950090 (;O/ \/ \O;)
