From AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE
Part of GEN008420
Associated with IA controls: ECSC-1
Associated with: CCI-000366
Successful exploitation of buffer overflow vulnerabilities relies in some measure to having a predictable address structure of the executing program. Address randomization techniques reduce the probability of a successful exploit.
Running the sedmgr command without any options will show the settings currently in effect. #sedmgr If the value returned for the sedmgr mode is off, this is a finding.
Configure the system to use any available memory address randomization techniques. Recommended settings are either to enable stack execution disablement for all suid files or select system executables. Set sedmgr to enforce on selected files and terminate processes violating stack execution boundaries. # sedmgr -m select -o off OR Set sedmgr to enforce on setid files and terminate processes violating stack execution boundaries. # sedmgr -m setidfiles -o off After a global system change to the sed, the system should be rebooted. # shutdown -Fr
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer