SUMMARY: /etc/system commands

From: Christopher L. Barnard (cbar44@tsg.cbot.com)
Date: Tue Oct 08 2002 - 14:21:54 EDT


I asked:

For Solaris 7 and Solaris 8, one of the basic security hardening steps
is to put the following two lines into /etc/system to make the stack
non-executable:

set noexec_user_stack=1
set noexec_user_stack_log=1

I am wondering if these /etc/system commands will work with an older OS
(Solaris 2.6) or with a newer OS (Solaris 9). If anyone can confirm that
these do what they should do and don't cause the server to die a painful
death when added, I would be much appreciative.

TIA, and I will summarize.

The answer:

Go for it. It has been part of the Solaris kernel since 2.6, and is
actually the default starting with Solaris 9 (although adding it will not
hurt anything). Several people said that errors or unsupported entries in
the /etc/system are not harmful at all -- the server will simply report on
bootup that there are unsupported entries in the /etc/system file and then
ignore them.

Thanks to:

ed.rolison@itc.alstom.com
Rob Warren <rob@greslin.org>
Matt Harris <mdh@mdh.si.edu>
Lyndon Tiu <ltiu@alumni.sfu.ca>
Casper Dik <Casper.Dik@Sun.COM>
Rick Kelly <rmk@toad.rmkhome.com>
"Stout, Noelette" <NStout@IKON.com>
"Fiamingo, Frank" <FiamingF@strsoh.org>
"Patrick L. Nolan" <pln@razzle.Stanford.EDU>
"Konstantin Orekhov" <korekhov@clickaction.com>
"Kevin Buterbaugh" <Kevin.Buterbaugh@lifeway.com>
Justin Stringfellow <js70062@ms-egmp02-01.UK.Sun.COM>

+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
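
An added example, not part of the original post: a shell sketch that checks a system file for the two tunables discussed above and appends any that are not already set to 1, keeping a backup. The function names, the AWK variable and the ".bak" suffix are assumptions of this example. It treats lines starting with "*" as comments and, as a further assumption, takes the last matching "set" line as the effective one.

```shell
# Added example: audit and, if needed, append the two tunables from this thread.
# AWK may be overridden; on Solaris use nawk or /usr/xpg4/bin/awk, since the
# old /usr/bin/awk does not accept -v.

# Print the value of a "set NAME=VALUE" tunable, or nothing if it is unset.
# Lines starting with "*" are /etc/system comments and are ignored.
# Assumption of this sketch: the last matching line is the effective one.
tunable_value() {
    # $1 = file, $2 = tunable name
    "${AWK:-awk}" -v name="$2" '
        /^[ \t]*\*/ { next }
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            gsub(/[ \t]/, "", line)
            n = index(line, "=")
            if (n > 0 && substr(line, 1, n - 1) == name)
                val = substr(line, n + 1)
        }
        END { if (val != "") print val }
    ' "$1"
}

# Append "set NAME=1" for each tunable not already set to 1.
# Copies the file to FILE.bak before the first change.
# Prints 1 if the file was modified, 0 if it was already compliant.
ensure_noexec_stack() {
    file=${1:-/etc/system}
    changed=0
    for name in noexec_user_stack noexec_user_stack_log; do
        if [ "$(tunable_value "$file" "$name")" != "1" ]; then
            if [ "$changed" -eq 0 ]; then
                cp -p "$file" "$file.bak"
            fi
            printf 'set %s=1\n' "$name" >> "$file"
            changed=1
        fi
    done
    echo "$changed"
}
```

Run ensure_noexec_stack against a copy of /etc/system first; the file is read at boot, so a change only takes effect after the next reboot.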