Bugtraq mailing list archives

Executable Stack Patch for Digital Unix 4.0D


From: lamontg () RAVEN GENOME WASHINGTON EDU (Lamont Granquist)
Date: Fri, 19 Feb 1999 17:02:55 -0800


Hot off the presses:

Digital Engineering has developed a non-exec-stack patch for Digital Unix
4.0D.  This must be applied *ONLY* to Digital Unix 4.0D with the BL11
jumbo patch kit #3 installed.  I do not know if Compaq plans on
incorporating this into 4.0E or into any future or prior releases.

BL11/PK3 for DU4.0D can be obtained at:

ftp://ftp.service.digital.com/public/dunix/v4.0d/duv40das00003-19990208.tar

After installing this patch kit download the following two files:

ftp://xfer.service.digital.com/to_customer/proc.mod
ftp://xfer.service.digital.com/to_customer/std_kern.mod

Then do something of this nature to move them into /sys/BINARY, while
preserving the original files (you'll probably need them for future patch
kits):

mv /sys/BINARY/proc.mod /sys/BINARY/proc.mod.orig
mv /sys/BINARY/std_kern.mod /sys/BINARY/std_kern.mod.orig
mv proc.mod /sys/BINARY
mv std_kern.mod /sys/BINARY

Rebuild your kernel (cd /sys/conf/<WHATEVER>; doconfig -c <WHATEVER>),
reinstall your kernel and reboot.

The stack will now be non-executable by default.  To change this add the
line:

proc:
        executable_stack = 1

to /etc/sysconfigtab -- there is no need to reboot.  Alternatively, as
root issue the command:

# sysconfig -r proc executable_stack=1

Of course, set this value to zero if you want non-exec-stack again.

I tested this against /usr/bin/mh/inc, nsralist and /usr/bin/rdist and it
worked quite nicely in all cases -- setting executable_stack=1 turned back
on the vulnerability.

Of course this patch may cause certain programs (like compilers) to break,
keep this in mind, it may not be appropriate for workstations that have a
lot of development work on them.  It will probably be a good thing for
servers and general-access machines though.

And remember, *ONLY* for DU4.0D with BL11.

--
Lamont Granquist                       lamontg () raven genome washington edu
Dept. of Molecular Biotechnology       (206)616-5735  fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
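
An added example, not part of the original message and not Digital/Compaq tooling: a POSIX shell check that reads a sysconfigtab-style file and reports whether the proc stanza re-enables the executable stack. The stanza layout follows the message; the '#' comment handling, the function names and the sample file are assumptions, and "unset" is treated as safe only because the message says the patched kernel defaults to a non-executable stack.

```shell
#!/bin/sh
# Added example. Stanza layout ("proc:" then indented "attr = value") follows
# the message above; treating '#' lines as comments is an assumption.

# exec_stack_setting FILE: print the last executable_stack value found in the
# proc stanza, or "unset" when the stanza or the attribute is absent.
exec_stack_setting() {
    awk '
        /^[ \t]*#/ { next }                   # assumed comment syntax
        /^[^ \t][^:]*:[ \t]*$/ {              # stanza header such as "proc:"
            sub(/:[ \t]*$/, "", $0)
            stanza = $0
            next
        }
        stanza == "proc" {
            line = $0
            gsub(/[ \t]/, "", line)           # "executable_stack = 1" -> "executable_stack=1"
            n = index(line, "=")
            if (n > 0 && substr(line, 1, n - 1) == "executable_stack")
                value = substr(line, n + 1)
        }
        END { print (value == "" ? "unset" : value) }
    ' "$1"
}

# audit_exec_stack FILE: return 0 when the persistent setting leaves the stack
# non-executable (unset or 0), 1 when it turns the executable stack back on.
audit_exec_stack() {
    v=$(exec_stack_setting "$1")
    case "$v" in
        unset|0) echo "OK: executable_stack=$v (stack non-executable)"; return 0 ;;
        *)       echo "WARN: executable_stack=$v (stack executable)"; return 1 ;;
    esac
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
vm:
        example_attr = 4
proc:
        executable_stack = 1
EOF
audit_exec_stack "$sample" || true
rm -f "$sample"
```

A runtime change made with sysconfig -r does not appear in the file, so this covers only the persistent setting.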


