| 1 |
On Monday 23 January 2012 14:08:51 Jason A. Donenfeld wrote: |
| 2 |
> So I recently published this: http://blog.zx2c4.com/749 , a local priv |
| 3 |
> escalation. It doesn't work on Fedora because their /bin/su is compiled |
| 4 |
> with -pie. (They don't compile gpasswd with -pie though, so they're still |
| 5 |
> vulnerable.) In any case, what if we made it a policy in Gentoo to compile |
| 6 |
> * all* SUID binaries with PIE, to prevent against any types of future |
| 7 |
> attacks of this variety? |
| 8 |
|
| 9 |
pedantically, PIE+ASLR makes it significantly harder to exploit, not impossible |
| 10 |
|
| 11 |
if we could get some general performance numbers that show non-PIE vs PIE, |
| 12 |
that'd help make the case for turning PIE on by default regardless of set*id. |
| 13 |
-mike |
Archives