The system must use available memory address randomization techniques.

From AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE

Part of GEN008420

Associated with IA controls: ECSC-1

Associated with: CCI-000366

SV-38831r1_rule The system must use available memory address randomization techniques.

Vulnerability discussion

Successful exploitation of buffer overflow vulnerabilities relies in some measure to having a predictable address structure of the executing program. Address randomization techniques reduce the probability of a successful exploit.

Check content

Running the sedmgr command without any options will show the settings currently in effect. #sedmgr If the value returned for the sedmgr mode is off, this is a finding.

Fix text

Configure the system to use any available memory address randomization techniques. Recommended settings are either to enable stack execution disablement for all suid files or select system executables. Set sedmgr to enforce on selected files and terminate processes violating stack execution boundaries. # sedmgr -m select -o off OR Set sedmgr to enforce on setid files and terminate processes violating stack execution boundaries. # sedmgr -m setidfiles -o off After a global system change to the sed, the system should be rebooted. # shutdown -Fr

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer