Re: OEM Policy Violation for Execute Stack

  • From: David Roberts <big.dave.roberts@xxxxxxxxxxxxxx>
  • To: hostetter.jay@xxxxxxxxx
  • Date: Sun, 2 Mar 2014 21:29:49 +0000

I think that this explains it to a greater depth than I understand it:
http://en.wikipedia.org/wiki/NX_bit

Which I found via this bilingual page:
http://m.blog.csdn.net/blog/anddyhua/9174609

As I understand it, some chips enable segregation of code from data in
hardware as a way to eliminate buffer overrun security issues.

For this to be most effective the operating system needs to make sure that
the data written to the stack is located in an area that the chip
understands as data and should never be executed.

HTH.

Dave


On Wed, Feb 26, 2014 at 2:08 PM, Jay Hostetter <hostetter.jay@xxxxxxxxx> wrote:

> I inherited an environment, and I am going through the various policy
> violations in OEM (11.1.0.1).  The target databases are primarily
> 11.2.0.3.  All of my hosts have a policy violation "warning" for the
> "Execute Stack" policy, which says to "Ensure that the OS configuration
> parameter, which enables execution of code on the user stack, is not
> enabled."  I have been searching docs, Oracle Support, and the internet,
> but have found almost nothing which tells me more specifics about this
> check.  The underlying metric is "executeStackRep".  The host OS is SUSE
> Linux Enterprise 11.  I'd appreciate it if anyone could point me in the
> right direction for understanding this warning.
>
> Thank you,
> Jay
>
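
As an added illustration of the hardware/OS split discussed in this thread (not part of either message, and not a statement of what OEM's "executeStackRep" metric actually inspects): the sketch below checks whether an x86 Linux CPU advertises the NX flag and whether any process has a stack mapping with execute permission. It assumes the standard `/proc/cpuinfo` and `/proc/<pid>/maps` formats; the sample data and the function names are constructed for this example.

```python
import glob

# Constructed sample data (not captured from a real host).
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme pae nx lm\n"
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /bin/cat
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_MAPS_EXEC = """\
00400000-0040b000 r-xp 00000000 08:01 131 /opt/legacy/app
7ffc9a000000-7ffc9a021000 rwxp 00000000 00:00 0 [stack]
"""

def cpu_has_nx(cpuinfo_text):
    """True if any 'flags' line in /proc/cpuinfo text lists the nx flag."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "nx" in value.split():
            return True
    return False

def exec_stack_ranges(maps_text):
    """Return address ranges of stack mappings that carry the x permission."""
    hits = []
    for line in maps_text.splitlines():
        fields = line.split()
        # fields: range, perms, offset, dev, inode, [pathname]
        if len(fields) >= 6 and fields[5].startswith("[stack") and "x" in fields[1]:
            hits.append(fields[0])
    return hits

def scan_host():
    """Walk /proc on a live Linux host; needs root to read other users' maps."""
    findings = {}
    for path in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(path) as fh:
                ranges = exec_stack_ranges(fh.read())
        except OSError:  # process exited or permission denied
            continue
        if ranges:
            findings[path.split("/")[2]] = ranges
    return findings

if __name__ == "__main__":
    with open("/proc/cpuinfo") as fh:
        print("CPU advertises NX:", cpu_has_nx(fh.read()))
    for pid, ranges in scan_host().items():
        print("PID %s has an executable stack: %s" % (pid, ", ".join(ranges)))
```

A stack shown as `rw-p` is data-only; `rwxp` on a `[stack]` line means code placed on that stack could run, which is the condition the NX mechanism is meant to rule out.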
