Archives
Archives
| From: | "Jason A. Donenfeld" <Jason@×××××.com> |
|---|---|
| To: | "Diego E. Flameeyes" <flameeyes@×××××.com> |
| Cc: | gentoo-dev@l.g.o |
| Subject: | [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? |
| Date: | Mon, 23 Jan 2012 19:09:44 |
| Message-Id: | CAHmME9oDzehZRbOM90u4viQa+xQuHQGyZfcvtqY-8JEWfDSUdA@mail.gmail.com |
| 1 | Hi Diego, |
| 2 | |
| 3 | So I recently published this: http://blog.zx2c4.com/749 , a local priv |
| 4 | escalation. It doesn't work on Fedora because their /bin/su is compiled |
| 5 | with -pie. (They don't compile gpasswd with -pie though, so they're still |
| 6 | vulnerable.) In any case, what if we made it a policy in Gentoo to compile * |
| 7 | all* SUID binaries with PIE, to prevent against any types of future attacks |
| 8 | of this variety? |
| 9 | |
| 10 | Jason |
| Subject | Author |
|---|---|
| [gentoo-dev] Re: Can we get PIE on all SUID binaries by default, por favor? | "Diego Elio Pettenò" <flameeyes@g.o> |
| Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | Mike Frysinger <vapier@g.o> |