Bugtraq mailing list archives

Re: Solaris 7 x86 lpset exploit.


From: jor () FM RZ FH-MUENCHEN DE (Jor)
Date: Thu, 27 Apr 2000 09:36:54 +0200


On Wed, Apr 26, 2000 at 03:51:19PM -0400, Andrew Brown wrote:
> There is a sparc version avail for this bug, the bug was discovered by
> duke some time ago.
>
> just for people who don't know...or have forgotten...putting this:
>
>    set noexec_user_stack = 1
>    set noexec_user_stack_log = 1
>
> in your /etc/system file protects you against this.  it doesn't fix
> the bug, but it stops the effects from being quite so "bad".

And for all those who cannot afford to reboot their servers very often,
but want the same protection:

echo "noexec_user_stack/W 0x1" | adb -wk /dev/ksyms /dev/mem
echo "noexec_user_stack_log/W 0x1" | adb -wk /dev/ksyms /dev/mem

This will change the running kernel. (i.e. no reboot required)
but don't forget to put the above lines in your /etc/system ;)

another note: while this seems to have very little negative effect
on all solaris/sparc apps i have used so far, there is a reason
why SUN does enable stack execution by default. if i am correctly
informed this is due to some fortran or rare/old compiler issue,
and might break some fortran or other alien language code...

That's probably what the second line (noexec_user_stack_log) is
for, to see in your kernel logs when this caused a program to fail.

So, first try this out on a test machine before doing it on the
production machine!

however, the echo ... | adb method can be used to switch back
to original operation w/o reboot ;)

i hope this helps some...

Juergen

--
Juergen P. Meier                        email: jpm () class de
Class GmbH Firmengruppe                 phone: +49 172 8379103
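
An added example, not part of the original post: a check that the two settings from the thread are actually active in /etc/system, so that a change made only to the running kernel with adb is not lost at the next reboot. The function names and the sample file are constructed for illustration, and the script assumes that the last assignment of a tunable wins.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an /etc/system-style
# file for the two tunables. On Solaris use nawk instead of awk (for -v).

# Print the value a tunable ends up with, or "unset".
# Assumption: if a tunable is set more than once, the last line wins.
system_tunable() {   # $1 = tunable name, $2 = file
    awk -v name="$1" '
        /^[ \t]*\*/ { next }            # "*" starts a comment in /etc/system
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (line !~ /^set[ \t]/) next
            sub(/^set[ \t]+/, "", line)
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == name) found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$2"
}

# Return 0 only when both tunables are enabled (1 or 0x1).
check_noexec_stack() {   # $1 = file
    rc=0
    for t in noexec_user_stack noexec_user_stack_log; do
        v=$(system_tunable "$t" "$1")
        case "$v" in
            1|0x1) echo "OK   $t = $v" ;;
            *)     echo "FAIL $t = $v"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the first tunable is only present as a comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* set noexec_user_stack = 1
set noexec_user_stack_log = 1
EOF
check_noexec_stack "$sample" || echo "persistent setting incomplete"
rm -f "$sample"
```

On a real host, call `check_noexec_stack /etc/system` instead of using the sample file.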


