HP-UX 11i December 2002 Release Notes
Security
Execute Protected Stacks
Chapter 13
254
New at 11i (original release)
System security can be improved by enabling a new feature that execute-protects
program stacks.
A common method of breaking into systems is by maliciously overflowing buffers on a
program's stack. Malicious unprivileged users often use this method to trick a privileged
program into starting a superuser shell for them, or similar unauthorized actions.
Detailed information on this type of attack may be found by doing a web search for
“Smashing the Stack for Fun and Profit.”
HP-UX 11i provides new mechanisms to defend against this type of attack without
sacrificing performance.
By setting the kernel tunable parameter executable_stack to zero, HP-UX systems can
be configured to execute protect program stacks, providing significant protection from
many common buffer overflow attacks. In the vast majority of cases, enabling this
feature will not affect compatibility of any legitimate applications.
Please refer to the new +es option section of the chatr(1) manpage for additional
information on how to configure this feature and how to quickly detect and resolve any
(very rare) compatibility issues that may result from enabling it.
To implement this feature, changes were made to kernel execve() and virtual memory
code, and to the chatr, elfdump, and ld commands.
Impact
One of the primary goals of this feature is to significantly improve system security with
the minimum possible effect on performance or compatibility. It consumes essentially
no disk space or memory, and has no functional impact on the vast majority of legitimate
applications, other than making them less vulnerable to malicious attacks. There is no
measurable performance impact from this code.
Compatibility
In the default configuration, HP-UX is unaffected by these changes. Users who want to
use this feature must explicitly enable it by setting the kernel tunable parameter
executable_stack to 0. HP strongly encourages you to enable this feature. Refer to the
+es section of the chatr(1) manpage for details of the possible trade-offs between
security and compatibility.
ELF-64 programs linked on previous releases of HP-UX will not benefit from this
security feature until they are re-linked on HP-UX 11i or later, but will still function
normally. 32-bit applications do not need to be re-linked.
The output of chatr and elfdump has changed slightly. chatr now supports a +es
option.