Stack Execution Disable (SED)


Stack Execution Disable (SED) is an indispensable tool for preventing buffer overflow attacks.  A buffer overflow attack is a type of attack common to all UNIX platforms.  SED has functionality to either detect or prevent the execution of a buffer overflow attack.  SED is mandated by PCI 3.2 and above


  1. Provides the ability to monitor a system for processes that run on the stack (which could be a buffer overflow attack)
  2. Once your system has been properly prepared, it can prevent the execution of any type of buffer overflow attack
  3. Provides the ability to exempt a select set of executables that legitimately need to “run on the stack”


see: Integration Assistance Flyer

%d bloggers like this: