[Pkg-shadow-devel] Bug#657010: Bug#657010: [login] 'su' should be PIE

Alexander Gattin xrgtn at yandex.ru
Tue Jan 24 12:28:48 UTC 2012


On Mon, Jan 23, 2012 at 09:06:38PM +0200, Török Edwin wrote:
> PIE refers to -fPIE from GCC of course.
> Using that flag doesn't completely prevent the exploit though.
> Apparently packages should adopt hardening flags for wheezy:
> http://wiki.debian.org/Hardening#State_of_implementation:
> > After their meeting on the 14-16 January 2011, the
> > debian security team announced in an email they
> > intend to push the inclusion of hardening features
> > for the wheezy release.

By the way, all packages that contain suid
binaries (and/or libraries these binaries depend
on) should be hardened as much as possible anyway,
and this doesn't end with -fPIE. And IMO this
shouldn't be intended to work around the
CVE-2012-0056 (because ASLR/PIE doesn't prevent
the kernel bug from being exploited, according to PaX

But I'm fine with using CVE-2012-0056 as a trigger
to incorporate some Hardening into shadow.

xrgtn@ux380n:~$ hardening-check /usr/sbin/sshd
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes
 Read-only relocations: yes
 Immediate binding: yes
xrgtn@ux380n:~$ hardening-check /bin/su
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: no, not found!
 Read-only relocations: no, not found!
 Immediate binding: no, not found!
xrgtn@ux380n:~$

Nicolas, please consider what can be done to fix
that (or at least some of the above).

Currently I'm reading the
part, but it's still unclear to me how to apply
this stuff to shadow builds (assuming that the
last time I built shadow was more than 4 years ago

With best regards,