Defenses against Stack-Based
Buffer Overflow Attacks (cont.)
¨
Configure operating systems with
nonexecutable stack
–
Solaris:
add the following to /etc/system file
•
set noexec_user_stack=1
•
set noexec_user_stack_log=1
–
Linux: apply a kernel patch
http://www.openwall.com/linux/README
–
Windows NT: install SecureStack
http://www.securewave.com/products/securesta
ck/secure_stack.html
–