Sidebar : Protecting the Stack

There is actually a way to protect the Solaris stack space and render buffer overrun attacks harmless. Casper Dik of Sun Holland wrote such a script for Solaris 2.4, 2.5, and 2.5.1 (Listing 5). It essentially removes the ability of the stack to execute arbitrary programs. All buffer overrun attacks that I tried, while the script was in place, failed. The only problem (and this is a big problem) is that this script tends to break some programs such as gcc. If one of your systems has no use for gcc, and security is more of a concern, then by all means you should try it out. The instructions are pretty self-explanatory within the script.