Stack Overflow Protection on UNIX/Linux Platforms
When using Stack Overflow Protection (STOP) on a UNIX or Linux platform, consider the following:
- (Solaris 11 AMD) STOP is disabled for Solaris 11 and later because Solaris 11 natively provides stack protection: Solaris 11 changes process stack location and has built-in support for Address Space Layout Randomization (ASLR). By default, this protection is turned on for tagged files, which includes zones.
- (Red Hat Linux, SuSE Linux) When Linux native stack randomization (exec-shield-randomize) is enforced, the STOP feature is not activated.
- (Linux s390 RHEL 4) Native stack randomization does not work in RHEL 4, and you must deactivate exec-shield-randomize for STOP to be active.
To deactivate native stack randomization, enter the following command:
echo 0 > /proc/sys/kernel/exec-shield-randomize
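A value written to /proc/sys lasts only until the next reboot, so it helps to check both the running value and what the boot-time configuration will apply. The following script is an added example, not part of the vendor guide: the function names and state labels are hypothetical, and it assumes the persistent setting, if any, lives in /etc/sysctl.conf under the key kernel.exec-shield-randomize.

```shell
#!/bin/sh
# Added example (not from the vendor guide): audit exec-shield-randomize.
# Paths are parameters so the functions can run against constructed files.
PROC_FILE=${PROC_FILE:-/proc/sys/kernel/exec-shield-randomize}
SYSCTL_CONF=${SYSCTL_CONF:-/etc/sysctl.conf}   # assumed persistence location

# Print the runtime value, or "absent" if the kernel does not expose the knob.
runtime_value() {
    if [ -r "$1" ]; then tr -d ' \t\n' < "$1"; else echo absent; fi
}

# Print the value sysctl.conf would apply at boot, or "unset".
# Comment lines (# or ;) are skipped and the last assignment wins.
persistent_value() {
    [ -r "$1" ] || { echo unset; return; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "kernel.exec-shield-randomize" {
            val = $2; gsub(/[ \t]/, "", val); found = 1
        }
        END { print (found ? val : "unset") }
    ' "$1"
}

# Report whether the host meets the condition for STOP to be active
# (native randomization deactivated) and whether that survives a reboot.
stop_randomize_audit() {
    run=$(runtime_value "$1")
    per=$(persistent_value "$2")
    case "$run" in
        absent) echo "no-knob" ;;
        0)  if [ "$per" = 0 ]; then
                echo "stop-eligible"
            else
                echo "stop-eligible-not-persisted"
            fi ;;
        *)  echo "native-randomization-enforced" ;;
    esac
}

# Audit the live host using the default paths.
stop_randomize_audit "$PROC_FILE" "$SYSCTL_CONF"
```

A result of stop-eligible-not-persisted means the running kernel has randomization deactivated but the boot-time configuration does not set it to 0, so the state may change at the next restart.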
Copyright © 2013 CA Technologies.
All rights reserved.