Executable Stack Patch for Digital Unix 4.0D

From: Lamont Granquist <lamontg_at_raven.genome.washington.edu>
Date: Fri, 19 Feb 1999 17:02:55 -0800

Hot off the presses:

Digital Engineering has developed a non-exec-stack patch for Digital Unix
4.0D. This must be applied *ONLY* to Digital Unix 4.0D with the BL11
jumbo patch kit #3 installed. I do not know if Compaq plans on
incorporating this into 4.0E or into any future or prior releases.

BL11/PK3 for DU4.0D can be obtained at:

ftp://ftp.service.digital.com/public/dunix/v4.0d/duv40das00003-19990208.tar

After installing this patch kit download the following two files:

ftp://xfer.service.digital.com/to_customer/proc.mod
ftp://xfer.service.digital.com/to_customer/std_kern.mod

Then do something of this nature to move them into /sys/BINARY, while
preserving the original files (you'll probably need them for future patch
kits):

mv /sys/BINARY/proc.mod /sys/BINARY/proc.mod.orig
mv /sys/BINARY/std_kern.mod /sys/BINARY/std_kern.mod.orig
mv proc.mod /sys/BINARY
mv std_kern.mod /sys/BINARY

Rebuild your kernel (cd /sys/conf/<WHATEVER>; doconfig -c <WHATEVER>),
reinstall your kernel and reboot.

The stack will now be non-executable by default. To change this add the
line:

proc:
        executable_stack = 1

to /etc/sysconfigtab -- there is no need to reboot. Alternatively, as
root issue the command:

# sysconfig -r proc executable_stack=1

Of course, set this value to zero if you want non-exec-stack again.

I tested this against /usr/bin/mh/inc, nsralist and /usr/bin/rdist and it
worked quite nicely in all cases -- setting executable_stack=1 turned back
on the vulnerability.

Of course this patch may cause certain programs (like compilers) to break.
Keep this in mind: it may not be appropriate for workstations that have a
lot of development work on them. It will probably be a good thing for
servers and general-access machines though.

And remember, *ONLY* for DU4.0D with BL11.

-- 
Lamont Granquist                       lamontg_at_raven.genome.washington.edu
Dept. of Molecular Biotechnology       (206)616-5735  fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg_at_raven.genome.washington.edu | pgp -fka
Received on Sat Feb 20 1999 - 01:05:35 NZDT
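
An added example, not part of the original post and not Digital's code: a shell check that reads a sysconfigtab-style file and warns when the proc stanza turns the executable stack back on. It assumes the stanza layout shown in the post, "#" comment lines, and that the last assignment wins; the sample file and its example_* attribute names are constructed.

```shell
#!/bin/sh
# Audit the executable_stack setting of the proc stanza in a sysconfigtab-style file.
# Assumptions: "name:" headers start in column 0, attributes are indented
# "attr = value" lines, and "#" starts a comment line.

# Constructed sample input (the example_* attribute names are placeholders).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample sysconfigtab
vm:
        example_attr = 4

proc:
        example_limit = 256
        executable_stack = 1
EOF
}

# Print the configured value, or 0 when the attribute is absent
# (the post states the patched kernel defaults to a non-executable stack).
exec_stack_setting() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[^ \t][^=]*:[ \t]*$/ {                 # stanza header, e.g. "proc:"
            name = $0; sub(/:[ \t]*$/, "", name)
            in_proc = (name == "proc"); next
        }
        in_proc && /^[ \t]+executable_stack[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            val = v                              # last assignment wins (assumption)
        }
        END { print (val == "" ? "0" : val) }
    ' "$1"
}

# Return 0 when the file leaves the stack non-executable, 1 otherwise.
audit_exec_stack() {
    val=$(exec_stack_setting "$1") || return 2
    case "$val" in
        0) echo "OK: $1 leaves the stack non-executable"; return 0 ;;
        *) echo "WARN: $1 sets proc executable_stack=$val"; return 1 ;;
    esac
}

# Demo on the constructed sample; on a real system pass /etc/sysconfigtab.
tmp=$(mktemp) && write_sample "$tmp"
audit_exec_stack "$tmp" || :
rm -f "$tmp"
```

A value changed at run time with sysconfig -r is not written to the file, so this check covers only the configured setting.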
