General
cancel
Showing results for 
Search instead for 
Did you mean: 

Kernel Parameter executable_stack

LeoThe13th
Advisor

Kernel Parameter executable_stack

Curently all our application is running on Oracle 9i (9.2.0) and application is up and running.

As per the pre-requiste script for Oracle 10g we have to install HP
UX patched and set Kernel parameter executable_stack to 0.
List of Patches
PHNE_31097
PHSS_31221
PHSS_30970
PHSS_32508
PHSS_32509
PHSS_32510

I have installed all above patches and set kernel parameter toexecutable_stack to 0 but my application is still in Oracle 9i and my database is Oracle 9i.

My code is not executing anything on stack.

Thanks
Bhushan
4 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: Kernel Parameter executable_stack

Hi:

> My code is not executing anything on stack.

And with the kernel parameter set to 0 it won't be allowed to do so. This is the purpose; to defeat malicious, arbitrary "stack-smashing" or buffer overflow attacks.

Regards!

...JRF...
Steven E. Protter
Exalted Contributor

Re: Kernel Parameter executable_stack

Shalom,

Oracle 9.2.0 has a number of pre-installation kernel parameters. These must be complied with prior to installation.

They and the Oracle recommended patch list are on http://metalink.oracle.com

I don't see an OS listed in your post, but the patch list looks a little short compared to what I installed to get that version working on HP-UX 11.11

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
LeoThe13th
Advisor

Re: Kernel Parameter executable_stack

I want to say that...my C code is not using any kind of stack programing.

SO my question is
Above patches and Kernel parameter is set to 0 and my application on oracle 9i and HP UX 11.11 will work fine or not?
James R. Ferguson
Acclaimed Contributor

Re: Kernel Parameter executable_stack

Hi (again):

> want to say that...my C code is not using any kind of stack programing.

You really mean that your code isn't attempting to exploit a buffer overflow.

> SO my question is
Above patches and Kernel parameter is set to 0 and my application on oracle 9i and HP UX 11.11 will work fine or not?

Yes. If you are truly concerned you could set the 'executable_stack' parameter to two (2) which will allow potentially malicious code to run but log events in the 'dmesg' buffer. This would be overkill in my opinion. Stay with the value of zero (0).

Regards!

...JRF...