Date: Fri, 19 Feb 1999 17:02:55 -0800
From: Lamont Granquist
To: BUGTRAQ@netspace.org
Subject: Executable Stack Patch for Digital Unix 4.0D

Hot off the presses:

Digital Engineering has developed a non-exec-stack patch for Digital Unix
4.0D. This must be applied *ONLY* to Digital Unix 4.0D with the BL11 jumbo
patch kit #3 installed. I do not know if Compaq plans on incorporating this
into 4.0E or into any future or prior releases.

BL11/PK3 for DU4.0D can be obtained at:

    ftp://ftp.service.digital.com/public/dunix/v4.0d/duv40das00003-19990208.tar

After installing this patch kit download the following two files:

    ftp://xfer.service.digital.com/to_customer/proc.mod
    ftp://xfer.service.digital.com/to_customer/std_kern.mod

Then do something of this nature to move them into /sys/BINARY, while
preserving the original files (you'll probably need them for future patch
kits):

    mv /sys/BINARY/proc.mod /sys/BINARY/proc.mod.orig
    mv /sys/BINARY/std_kern.mod /sys/BINARY/std_kern.mod.orig
    mv proc.mod /sys/BINARY
    mv std_kern.mod /sys/BINARY

Rebuild your kernel (cd /sys/conf/; doconfig -c ), reinstall your kernel and
reboot.

The stack will now be non-executable by default. To change this add the
line:

    proc: executable_stack = 1

to /etc/sysconfigtab -- there is no need to reboot. Alternatively, as root
issue the command:

    # sysconfig -r proc executable_stack=1

Of course, set this value to zero if you want non-exec-stack again.

I tested this against /usr/bin/mh/inc, nsralist and /usr/bin/rdist and it
worked quite nicely in all cases -- setting executable_stack=1 turned back on
the vulnerability.

Of course this patch may cause certain programs (like compilers) to break,
keep this in mind, it may not be appropriate for workstations that have a lot
of development work on them. It will probably be a good thing for servers
and general-access machines though.

And remember, *ONLY* for DU4.0D with BL11.

--
Lamont Granquist  lamontg@raven.genome.washington.edu
Dept. of Molecular Biotechnology  (206)616-5735  fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg@raven.genome.washington.edu | pgp -fka
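
An added example, not part of the original message and not Digital or Compaq tooling: a shell check that reads a sysconfigtab-format file and reports the executable_stack setting of the proc stanza, so a server can be audited for the override described above. The function names, the constructed sample file, the handling of `#` comments, and the treatment of a missing attribute as 0 (taken from the message's statement that the patched stack is non-executable by default) are assumptions.

```shell
#!/bin/sh
# exec_stack_setting FILE
# Prints the executable_stack value found in the "proc:" stanza of FILE.
# Accepts the attribute on the stanza header line or on the lines after it.
# Prints 0 when the attribute is absent (assumed default on a patched kernel).
exec_stack_setting() {
    awk '
    {
        sub(/#.*/, "")                            # assumption: "#" starts a comment
        if (match($0, /^[A-Za-z0-9_]+:/)) {       # stanza header such as "proc:"
            stanza = substr($0, 1, RLENGTH - 1)
            $0 = substr($0, RLENGTH + 1)          # keep anything after the header
        }
        if (stanza != "proc") next                # ignore other subsystems
        n = index($0, "=")
        if (n == 0) next
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (key == "executable_stack") found = val   # assumption: last entry wins
    }
    END { print (found == "" ? 0 : found) }
    ' "$1"
}

# check_exec_stack FILE
# Returns 0 if the file leaves the stack non-executable, 1 if it re-enables
# an executable stack, 2 if the file cannot be read.
check_exec_stack() {
    v=$(exec_stack_setting "$1") || return 2
    case "$v" in
        0) echo "ok: non-executable stack (executable_stack=$v)"; return 0 ;;
        *) echo "WARN: executable stack enabled (executable_stack=$v)"; return 1 ;;
    esac
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sysconfigtab fragment
example:
        executable_stack = 1
proc:
        other_attr = 5
        executable_stack = 1
EOF
check_exec_stack "$sample" || echo "review $sample before relying on the patch"
rm -f "$sample"
```

The check reads only the file it is given; a value changed at run time with sysconfig -r is not reflected in it.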