Executable Stack Patch for Digital Unix 4.0D

From: Lamont Granquist (lamontgat_private)
Date: Fri Feb 19 1999 - 17:02:55 PST

Next message: Georgi Guninski: "Re: Netscape Communicator window spoofing bug"

Previous message: SGI Security Coordinator: "Vulnerability in ToolTalk RPC Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hot off the presses:

Digital Engineering has developed an non-exec-stack patch for Digital Unix
4.0D.  This must be applied *ONLY* to Digital Unix 4.0D with the BL11
jumbo patch kit #3 installed.  I do not know if Compaq plans on
incorporating this into 4.0E or into any future or prior releases.

BL11/PK3 for DU4.0D can be obtained at:

ftp://ftp.service.digital.com/public/dunix/v4.0d/duv40das00003-19990208.tar

After installing this patch kit download the following two files:

ftp://xfer.service.digital.com/to_customer/proc.mod
ftp://xfer.service.digital.com/to_customer/std_kern.mod

Then do something of this nature to move them into /sys/BINARY, while
preserving the original files (you'll probably need them for future patch
kits):

mv /sys/BINARY/proc.mod /sys/BINARY/proc.mod.orig
mv /sys/BINARY/std_kern.mod /sys/BINARY/std_kern.mod.orig
mv proc.mod /sys/BINARY
mv std_kern.mod /sys/BINARY

Rebuild your kernel (cd /sys/conf/<WHATEVER>; doconfig -c <WHATEVER>),
reinstall your kernel and reboot.

The stack will now be non-executable by default.  To change this add the
line:

proc:
        executable_stack = 1

to /etc/sysconfigtab -- there is no need to reboot.  Alternatively, as
root issue the command:

# sysconfig -r proc executable_stack=1

Of course, set this value to zero if you want non-exec-stack again.

I tested this against /usr/bin/mh/inc, nsralist and /usr/bin/rdist and it
worked quite nicely in all cases -- setting executable_stack=1 turned back
on the vulnerability.

Of course this patch may cause certain programs (like compilers) to break,
keep this in mind, it may not be appropriate for workstations that have a
lot of development work on them.  It will probably be a good thing for
servers and general-access machines though.

And remember, *ONLY* for DU4.0D with BL11.

--
Lamont Granquist                       lamontgat_private
Dept. of Molecular Biotechnology       (206)616-5735  fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontgat_private | pgp -fka

Next message: Georgi Guninski: "Re: Netscape Communicator window spoofing bug"
Previous message: SGI Security Coordinator: "Vulnerability in ToolTalk RPC Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:36:06 PDT