Project

General

Profile

Feature #7031

noexec_user_stack should be a security-flag

Added by Rich Lowe over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
kernel
Start date:
2016-06-02
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

In addition to being tuned globally via the noexec_user_stack kernel global (which is retained for compatibility). The control of stack executability fits neatly as a per-process security-flags (see #7029) and should be implemented as one.


Related issues

Related to illumos gate - Feature #7029: want per-process exploit mitigation features (secflags)ClosedRich Lowe2016-06-02

Actions
#1

Updated by Electric Monk about 4 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 70 to 100

git commit d2a70789f056fc6c9ce3ab047b52126d80b0e3da

commit  d2a70789f056fc6c9ce3ab047b52126d80b0e3da
Author: Richard Lowe <richlowe@richlowe.net>
Date:   2016-10-15T16:02:16.000Z

    7029 want per-process exploit mitigation features (secflags)
    7030 want basic address space layout randomization (ASLR)
    7031 noexec_user_stack should be a security-flag
    7032 want a means to forbid mappings around NULL
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
    Reviewed by: Patrick Mooney <pmooney@joyent.com>
    Approved by: Dan McDonald <danmcd@omniti.com>

#2

Updated by Joshua M. Clulow over 1 year ago

  • Related to Feature #7029: want per-process exploit mitigation features (secflags) added

Also available in: Atom PDF