Administrator's Guide

• A setuid program executing other programs.
• A program unexpectedly gaining a user ID of zero (0). The user ID of zero is for
superuser or root only.
To prevent stack buffer overflow attacks:
• Enable the executable_stack kernel tunable parameter.
• Use the chatr +es command.
The executable_stack kernel tunable parameter enables you to prevent a program
from executing code from its stack. This guards against an intruder passing illegal data
to a program, thereby causing the program to execute arbitrary code from its program
stack.
The executable_stack kernel tunable parameter globally enables or disables stack
buffer overflow protection. A setting of 0 (zero) makes stacks nonexecutable and is
preferred for security reasons. By default, for backward compatibility,
executable_stack is set to 1, which allows stack execution and therefore provides no
protection. Use HP SMH or the kmtune command to change the value of
executable_stack.
An additional way to manage stack buffer overflow protection is to use the +es option
of the chatr command. For example, if executable_stack is set to zero but a
program does need to execute its stack, use the following chatr command to allow
stack execution for that program only:
# chatr +es enable program
For more information, see chatr(1), kmtune(1M), and executable_stack(5).
2.8 Protecting Unattended Terminals and Workstations
Unattended workstations and terminals are extremely vulnerable to unauthorized users.
Like a front door left unlocked, they are open to anyone. This section explains the following
ways to reduce that risk:
• Control access using /etc/inittab and run levels. Edit /etc/inittab to identify
which devices should run at different run levels.
• Protect terminal device files by denying world access to user terminal sessions.
• Configure the screen lock.
2.8.1 Controlling Access Using /etc/inittab and Run Levels
A run level is a system state in which a specific set of processes is permitted to run. The
processes and default run levels are defined in /etc/inittab. Run levels are 0 through
6, s, or S. If a process is not at the same run level as the system, it is terminated. If a
process is at the same run level, it is started or it continues to execute.
Following is an example to enable terminals and modems to be run at selected run levels.
Both ttp1 and ttp2 are at run levels 2 and 3.
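The following shell script is an added example, not part of the guide, that reads an /etc/inittab fragment and answers the two questions the run-level discussion raises: which terminal entries are permitted at a given run level, and which entries init terminates when the system changes run level. The inittab content, the device names (tty0p1, tty0p2, tty1p0) and the getty arguments are constructed for illustration and are not taken from the guide.

```shell
#!/bin/sh
# Constructed /etc/inittab fragment (assumed values, not from the guide).
# Format of each entry: id:rstate:action:process
# ttp1 and ttp2 are permitted at run levels 2 and 3; the modem line only at 3;
# the console getty at every run level.
SAMPLE_INITTAB='init:3:initdefault:
# console is available at every run level
cons:123456:respawn:/usr/sbin/getty console console
ttp1:23:respawn:/usr/sbin/getty -h tty0p1 9600
ttp2:23:respawn:/usr/sbin/getty -h tty0p2 9600
mdm1:3:respawn:/usr/sbin/getty -h tty1p0 9600
'

# default_runlevel: print the run level init enters at boot (the initdefault entry).
# Reads inittab text on stdin.
default_runlevel() {
    awk -F: '$3 == "initdefault" { print $2; exit }'
}

# inittab_at_level LEVEL: print the ids of process entries permitted at LEVEL.
# An empty rstate field means the entry applies at every run level.
inittab_at_level() {
    awk -F: -v lvl="$1" '
        NF == 0 || $1 ~ /^[ \t]*#/ { next }   # skip blank lines and comments
        $3 == "initdefault"        { next }   # not a process entry
        $2 == "" || index($2, lvl) > 0 { print $1 }
    '
}

# inittab_stopped_on_change FROM TO: print the ids of entries that init
# terminates when the system moves from run level FROM to run level TO
# (entries active at FROM but not listed for TO).
inittab_stopped_on_change() {
    awk -F: -v from="$1" -v to="$2" '
        NF == 0 || $1 ~ /^[ \t]*#/ { next }
        $3 == "initdefault"        { next }
        $2 == ""                   { next }   # present at every level, never stopped
        index($2, from) > 0 && index($2, to) == 0 { print $1 }
    '
}

# Demonstration: review which terminal lines a given run level leaves open.
main() {
    lvl=$(printf '%s' "$SAMPLE_INITTAB" | default_runlevel)
    echo "default run level: $lvl"
    echo "entries active at run level 2:"
    printf '%s' "$SAMPLE_INITTAB" | inittab_at_level 2
    echo "entries stopped when moving from run level 3 to run level 2:"
    printf '%s' "$SAMPLE_INITTAB" | inittab_stopped_on_change 3 2
}

main
```

To audit a real system, replace the constructed fragment with `cat /etc/inittab |` in front of the function calls; the functions only read stdin and never modify the file.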