I asked: For Solaris 7 and Solaris 8, one of the basic security hardening steps is to put the following two lines into /etc/system to make the stack non-executable: set noexec_user_stack=1 set noexec_user_stack_log=1 I am wondering if these /etc/system commands will work with an older OS (Solaris 2.6) or with a newer OS (Solaris 9). If anyone can confirm that these do what they should do and don't cause the server to die a painful death when added, I would be much appreciative. TIA, and I will summarize. The answer: go for it. It has been part of the Solaris kernel since 2.6, and is actually the default starting with Solaris 9 (although adding it will not hurt anything). Several people said that errors or unsupported entries in the /etc/system are not harmful at all -- the server will simply report on bootup that there are unsupported entries in the /etc/system file and then ignore them. Thanks to: ed.rolison@itc.alstom.com Rob Warren <rob@greslin.org> Matt Harris <mdh@mdh.si.edu> Lyndon Tiu <ltiu@alumni.sfu.ca> Casper Dik <Casper.Dik@Sun.COM> Rick Kelly <rmk@toad.rmkhome.com> "Stout, Noelette" <NStout@IKON.com> "Fiamingo, Frank" <FiamingF@strsoh.org> "Patrick L. Nolan" <pln@razzle.Stanford.EDU> "Konstantin Orekhov" <korekhov@clickaction.com> "Kevin Buterbaugh" <Kevin.Buterbaugh@lifeway.com> Justin Stringfellow <js70062@ms-egmp02-01.UK.Sun.COM> +-----------------------------------------------------------------------+ | Christopher L. Barnard O When I was a boy I was told that | | cbarnard@tsg.cbot.com / \ anybody could become president. | | (312) 347-4901 O---O Now I'm beginning to believe it. | | http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow | +----------PGP public key available via finger or PGP keyserver---------+ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue Oct 8 14:24:56 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:56 EST