@(#)Preventing stack smashing in Solaris 14 AUG 2000 Rob Thomas robt@cymru.com

Preventing stack smashing in Solaris

A common trick of a deviant user is to attempt to obtain root access.
This can be accomplished in myriad ways, and one such way is to gain
the privileges through a setuid root application. By executing code on
the stack of such an application, the user inherits the superuser
privileges, and thus gains root access to the box.

Fortunately, there is a way to prevent the popular stack smash. Two
settings must be entered into /etc/system. One of the settings is
really only for logging, although it is wise to capture any such
attempt. Remember that changes to /etc/system require a reboot to take
effect.

The settings are:

     * Deny all attempts to execute code on the stack
     set noexec_user_stack = 1

     * Log any such attempts
     set noexec_user_stack_log = 1

If anyone does attempt to smash the stack, you will receive a log
entry of the form:

     Aug 14 21:35:02 pudge unix: NOTICE: XXXXX[6324] attempt to execute code on stack by uid 384

where "XXXXX" will be replaced by the name of the application that was
attacked.

This is all well and good for the 32 bit variants of Solaris. It
appears that this doesn't work (and isn't necessary) with the 64 bit
and fully SPARC V9 compliant variants.

Rob Thomas, robt@cymru.com
http://www.enteract.com/~robt
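
Added example (not part of the original note): shell functions that
audit an /etc/system-style file for the two settings, ignoring lines
commented out with "*", and summarise log entries of the form shown
above by uid. The function names, the sample files and the program
names demoapp and othertool are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit /etc/system-style files
# and summarise logged stack-execution attempts. Sample data is constructed.

# has_setting FILE NAME: true if FILE has an active "set NAME = 1" line.
# Lines beginning with "*" are /etc/system comments and do not count.
has_setting() {
    grep -v '^[[:space:]]*\*' "$1" |
        grep -Eq "^[[:space:]]*set[[:space:]]+${2}[[:space:]]*=[[:space:]]*1[[:space:]]*\$"
}

# audit_system FILE: report both settings; non-zero status if either is missing.
audit_system() {
    rc=0
    for name in noexec_user_stack noexec_user_stack_log; do
        if has_setting "$1" "$name"; then echo "OK $name"
        else echo "MISSING $name"; rc=1; fi
    done
    return "$rc"
}

# stack_attempts FILE: print "program pid uid" for each logged attempt.
stack_attempts() {
    sed -n 's/^.* NOTICE: \([^[]*\)\[\([0-9]*\)] attempt to execute code on stack by uid \([0-9]*\).*$/\1 \2 \3/p' "$1"
}

# attempts_by_uid FILE: print "count uid", most active uid first.
attempts_by_uid() {
    stack_attempts "$1" | awk '{ n[$3]++ } END { for (u in n) print n[u], u }' | sort -rn
}

demo=$(mktemp -d)   # constructed sample files, so the example runs offline
printf '%s\n' '* Deny all attempts to execute code on the stack' \
    'set noexec_user_stack = 1' '* Log any such attempts' \
    'set noexec_user_stack_log = 1' > "$demo/system.good"
# Constructed weak case: logging is on but enforcement is commented out.
printf '%s\n' '* set noexec_user_stack = 1' \
    'set noexec_user_stack_log = 1' > "$demo/system.weak"
cat > "$demo/messages" <<'EOF'
Aug 14 21:35:02 pudge unix: NOTICE: demoapp[6324] attempt to execute code on stack by uid 384
Aug 14 21:35:40 pudge unix: NOTICE: demoapp[6331] attempt to execute code on stack by uid 384
Aug 14 21:36:11 pudge sendmail[212]: constructed unrelated line
Aug 14 21:40:09 pudge unix: NOTICE: othertool[6410] attempt to execute code on stack by uid 1001
EOF

audit_system "$demo/system.good"
audit_system "$demo/system.weak" || echo "system.weak needs fixing"
attempts_by_uid "$demo/messages"
```

On a live host, point audit_system at /etc/system and attempts_by_uid
at the file your syslog configuration writes kernel notices to.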