[14704] in bugtraq


Re: Solaris 7 x86 lpset exploit.

daemon@ATHENA.MIT.EDU (Jor)
Thu Apr 27 13:08:14 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000427093654.A23449@fm.rz.fh-muenchen.de>
Date:         Thu, 27 Apr 2000 09:36:54 +0200
Reply-To: jpm@class.de
From: Jor <jor@FM.RZ.FH-MUENCHEN.DE>
X-To:         Andrew Brown <atatat@atatdot.net>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000426155119.A8085@noc.untraceable.net>

On Wed, Apr 26, 2000 at 03:51:19PM -0400, Andrew Brown wrote:
> >>There is a sparc version avail for this bug, the bug was discovered by
> >>duke some time ago.
>
> just for people who don't know...or have forgotten...putting this:
>
>    set noexec_user_stack = 1
>    set noexec_user_stack_log = 1
>
> in your /etc/system file protects you against this.  it doesn't fix
> the bug, but it stops the effects from being quite so "bad".

And for all those who cannot afford to reboot their servers very often,
but want the same protection:

echo "noexec_user_stack/W 0x1" | adb -wk /dev/ksyms /dev/mem
echo "noexec_user_stack_log/W 0x1" | adb -wk /dev/ksyms /dev/mem

This will change the running kernel (i.e. no reboot required),
but don't forget to put the above lines in your /etc/system ;)

another note: while this seems to have very little negative effect
on all solaris/sparc apps i have used so far, there is a reason
why SUN does enable stack execution by default. if i am correctly
informed this is due to some fortran or rare/old compiler issue,
and might break some fortran or other alien language code...

That's probably what the second line (noexec_user_stack_log) is
for, to see in your kernel logs when this caused a program to fail.

So, first try this out on a test machine before doing it on the
production machine!

however, the echo ... | adb method can be used to switch back
to original operation w/o reboot ;)

i hope this helps some...

Juergen

--
Juergen P. Meier                        email: jpm@class.de
Class GmbH Firmengruppe                 phone: +49 172 8379103
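
The following is an added example, not part of the original message: a check that an /etc/system-style file really carries both settings, since the adb change above is lost at the next reboot. The helper name check_noexec_stack and the sample file are constructed, and treating the last assignment of a variable as the effective one is an assumption.

```shell
# Audit an /etc/system-style file for the two stack-protection settings.
# check_noexec_stack is a hypothetical helper, not a Solaris tool.
# Exit status: 0 = both set and non-zero, 1 = missing or zero, 2 = unreadable.
check_noexec_stack() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk '
        /^[ \t]*\*/ { next }                  # "*" starts a comment line
        {
            line = $0
            gsub(/[ \t]+/, " ", line)         # normalise whitespace
            sub(/^ /, "", line)
            if (line !~ /^set /) next         # only "set name = value" lines
            sub(/^set /, "", line)
            if (split(line, kv, "=") != 2) next
            name = kv[1]; val = kv[2]
            gsub(/ /, "", name); gsub(/ /, "", val)
            # ignore anything that is not a plain decimal/octal/hex number
            if (val !~ /^(0[xX][0-9a-fA-F]+|[0-9]+)$/) next
            if (name == "noexec_user_stack" || name == "noexec_user_stack_log")
                seen[name] = val              # assumption: last assignment wins
        }
        END {
            rc = 0
            split("noexec_user_stack noexec_user_stack_log", want, " ")
            for (i = 1; i <= 2; i++) {
                v = want[i]
                if (!(v in seen)) { print "MISSING " v; rc = 1 }
                else if (seen[v] ~ /^(0[xX])?0+$/) {
                    print "DISABLED " v " = " seen[v]; rc = 1
                }
                else print "OK " v " = " seen[v]
            }
            exit rc
        }
    ' "$file"
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
printf '* stack protection\nset noexec_user_stack = 1\nset noexec_user_stack_log=0x1\n' > "$sample"
check_noexec_stack "$sample"
rm -f "$sample"
```

On a real host the argument would be /etc/system; a commented-out or zero-valued entry is reported and gives a non-zero exit status.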
