[Pkg-shadow-devel] Bug#657010: Bug#657010: [login] 'su' should be PIE
xrgtn at yandex.ru
Tue Jan 24 12:28:48 UTC 2012
On Mon, Jan 23, 2012 at 09:06:38PM +0200, Török
> PIE refers to -fPIE from GCC of course.
> Using that flag doesn't completely prevent the exploit though.
> Apparently packages should adopt hardening flags for wheezy:
> > After their meeting on the 14-16 January 2011, the
> > debian security team announced in an email they
> > intend to push the inclusion of hardening features
> > for the wheezy release.
By the way, all packages that contain suid binaries (and/or libraries these binaries depend on) should be hardened as much as possible anyway, and this doesn't end with -fPIE. And IMO this shouldn't be intended to work around CVE-2012-0056 (because ASLR/PIE doesn't prevent the kernel bug from being exploited, according to PaX
But I'm fine with using CVE-2012-0056 as a trigger to incorporate some hardening into shadow.
xrgtn at ux380n:~$ hardening-check /usr/sbin/sshd
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
xrgtn at ux380n:~$ hardening-check /bin/su
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
xrgtn at ux380n:~$
Nicolas, please consider what can be done to fix that (or at least some of the above).
Currently I'm reading the
part, but it's still unclear to me how to apply this stuff to shadow builds (assuming that the last time I built shadow was more than 4 years ago
With best regards,
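The five lines that hardening-check prints above each correspond to a concrete ELF artifact that the compiler or linker flag leaves behind. The following is an added example, not part of the message or of the shadow package: a minimal Python re-implementation of those checks that reads a 64-bit little-endian ELF file directly (that restriction, and the "_chk" suffix heuristic for fortified functions, are this example's assumptions).

```python
"""Added example: a minimal hardening-check clone for 64-bit little-endian ELF."""
import struct

ET_DYN, PT_LOAD, PT_DYNAMIC, PT_GNU_RELRO = 3, 1, 2, 0x6474E552
DT_NULL, DT_STRTAB, DT_STRSZ, DT_BIND_NOW = 0, 5, 10, 24
DT_FLAGS, DT_FLAGS_1, DF_BIND_NOW, DF_1_NOW = 30, 0x6FFFFFFB, 0x8, 0x1


def hardening_check(data: bytes) -> dict:
    """Report the five properties hardening-check prints, from raw ELF bytes."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled here")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    loads, dyn_off, relro = [], None, False
    for i in range(e_phnum):  # walk the program headers
        p_type, _, p_off, p_vaddr, _, p_filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_off, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn_off = p_off
        elif p_type == PT_GNU_RELRO:  # segment emitted by -Wl,-z,relro
            relro = True
    tags, pos = {}, dyn_off
    while pos is not None:  # read the dynamic table up to DT_NULL
        tag, val = struct.unpack_from("<qQ", data, pos)
        pos += 16
        if tag == DT_NULL:
            break
        tags[tag] = val
    names = []  # .dynstr contents, found by mapping DT_STRTAB's vaddr to a file offset
    for va, off, size in loads:
        if DT_STRSZ in tags and va <= tags.get(DT_STRTAB, -1) < va + size:
            start = off + tags[DT_STRTAB] - va
            names = data[start:start + tags[DT_STRSZ]].split(b"\0")
    bind_now = (DT_BIND_NOW in tags or bool(tags.get(DT_FLAGS, 0) & DF_BIND_NOW)
                or bool(tags.get(DT_FLAGS_1, 0) & DF_1_NOW))  # -Wl,-z,now
    return {
        "pie": e_type == ET_DYN and dyn_off is not None,  # -fPIE -pie: ET_DYN + PT_DYNAMIC
        "stack_protector": b"__stack_chk_fail" in names,  # -fstack-protector imports this
        # heuristic (assumption): _FORTIFY_SOURCE swaps calls for __*_chk variants
        "fortify": any(n.endswith(b"_chk") and n != b"__stack_chk_fail" for n in names),
        "relro": relro,
        "bind_now": bind_now,
    }
```

Run it as `hardening_check(open("/bin/su", "rb").read())` to get a dict that mirrors the yes/no lines above; a non-PIE, non-hardened su returns False for every key.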