On Monday 23 January 2012 14:08:51 Jason A. Donenfeld wrote:
> So I recently published this: http://blog.zx2c4.com/749 , a local priv
> escalation. It doesn't work on Fedora because their /bin/su is compiled
> with -pie. (They don't compile gpasswd with -pie though, so they're still
> vulnerable.) In any case, what if we made it a policy in Gentoo to compile
> *all* SUID binaries with PIE, to prevent against any types of future
> attacks of this variety?

pedantically, PIE+ASLR makes it significantly harder to exploit, not impossible

if we could get some general performance numbers that show non-PIE vs PIE,
that'd help make the case for turning PIE on by default regardless of set*id.
-mike
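One way to audit which installed set*id binaries are actually PIE, as an added example that is not part of this thread or of Gentoo's tooling: the script walks a directory and, for every setuid/setgid regular file, reads e_type straight from the ELF header (ET_DYN means position-independent, ET_EXEC means a fixed load address), so it needs no binutils. The sample headers are constructed test data and the default path /usr/bin is an assumption.

```python
#!/usr/bin/env python3
"""Audit set*id ELF binaries: PIE (ET_DYN) vs non-PIE (ET_EXEC).

Added example, not from the original thread.  Usage: pie_audit.py [dir]
"""
import os
import stat
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3  # e_type values from the ELF specification

# Constructed minimal headers (only the first 18 bytes matter); not real files.
SAMPLE_PIE = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"\x03\x00"
SAMPLE_NONPIE = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"\x02\x00"


def elf_type(data: bytes):
    """Return e_type of an ELF image, or None if data is not an ELF header."""
    if len(data) < 18 or data[:4] != ELF_MAGIC:
        return None
    # EI_DATA (byte 5): 1 = little-endian, 2 = big-endian; e_type sits at 16-17.
    endian = "<" if data[5] == 1 else ">"
    return struct.unpack(endian + "H", data[16:18])[0]


def classify(data: bytes) -> str:
    """Label an image 'pie', 'non-pie' or 'not-elf' (scripts, core files, ...)."""
    t = elf_type(data)
    return {ET_DYN: "pie", ET_EXEC: "non-pie"}.get(t, "not-elf")


def audit(root: str):
    """Yield (path, label) for each setuid/setgid regular file under root."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
                if not stat.S_ISREG(st.st_mode):
                    continue
                if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                with open(path, "rb") as f:
                    yield path, classify(f.read(64))
            except OSError:
                continue  # unreadable or vanished during the walk; skip it


if __name__ == "__main__":
    for path, label in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"):
        print(f"{label:8} {path}")
```

Lines marked non-pie are the fixed-address set*id executables the thread proposes rebuilding with -pie; ET_DYN is also what shared libraries use, but a set*id file is an executable, so for this audit it means PIE.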