From: | "Jason A. Donenfeld" <Jason@×××××.com> |
---|---|
To: | "Diego E. Flameeyes" <flameeyes@×××××.com> |
Cc: | gentoo-dev@l.g.o |
Subject: | [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? |
Date: | Mon, 23 Jan 2012 19:09:44 |
Message-Id: | CAHmME9oDzehZRbOM90u4viQa+xQuHQGyZfcvtqY-8JEWfDSUdA@mail.gmail.com |
Hi Diego,

So I recently published this: http://blog.zx2c4.com/749 , a local priv escalation. It doesn't work on Fedora because their /bin/su is compiled with -pie. (They don't compile gpasswd with -pie though, so they're still vulnerable.) In any case, what if we made it a policy in Gentoo to compile *all* SUID binaries with PIE, to prevent against any types of future attacks of this variety?

Jason
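Added example, not part of the original message or of any Gentoo tooling: an audit for the policy proposed above. It lists every SUID file under a set of directories and reports whether its ELF header marks it as PIE (`e_type` of `ET_DYN`) or as a fixed-address executable (`ET_EXEC`). The function names and the directory list are assumptions chosen for illustration.

```python
import os
import stat
import struct

ET_EXEC, ET_DYN = 2, 3  # ELF e_type: fixed-address executable vs. PIE (or shared object)


def elf_type(path):
    """Return the ELF e_type of path, or None if it is not a readable ELF file."""
    try:
        with open(path, "rb") as f:
            header = f.read(18)
    except OSError:
        return None
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return None
    # e_ident[EI_DATA] (byte 5) gives the byte order: 1 = little-endian, 2 = big-endian
    fmt = {1: "<H", 2: ">H"}.get(header[5])
    return struct.unpack(fmt, header[16:18])[0] if fmt else None


def classify(path):
    """Label one file 'pie', 'non-pie', 'other-elf', or 'unknown' (not ELF or unreadable)."""
    e_type = elf_type(path)
    if e_type is None:
        return "unknown"
    return {ET_DYN: "pie", ET_EXEC: "non-pie"}.get(e_type, "other-elf")


def audit_suid(roots):
    """Walk roots and return {path: label} for every regular file with the SUID bit set."""
    results = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                    results[path] = classify(path)
    return results


if __name__ == "__main__":
    for path, label in sorted(audit_suid(["/bin", "/sbin", "/usr/bin", "/usr/sbin"]).items()):
        print(f"{label:8} {path}")
```

Run it as root so that SUID binaries without world-read permission are classified instead of reported as `unknown`.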
Subject | Author |
---|---|
[gentoo-dev] Re: Can we get PIE on all SUID binaries by default, por favor? | "Diego Elio Pettenò" <flameeyes@g.o> |
Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | Mike Frysinger <vapier@g.o> |