4.2 Enable stack protection - Check if 'noexec_user_stack' is set to 1 in /etc/system (Solaris 2.6 or later)

Information

Only applicable on Solaris 2.6 and later systems. Buffer overflow exploits have been the basis for many of the recent highly publicized compromises and defacements of large numbers of Internet connected systems. Many of the automated tools in use by system crackers exploit well-known buffer overflow problems in vendor-supplied and third-party software. Enabling stack protection prevents certain classes of buffer overflow attacks and is a significant security enhancement.

See Also

https://workbench.cisecurity.org/files/633

Item Details

Audit Name: CIS Solaris 9 v1.3

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16

Plugin: Unix

Control ID: bd22209d83ecd653a00cb93d87c773b215df804d36f2e55304aa322960c7499f