Hello Jason,

On Mon, 23/01/2012 at 20.08 +0100, Jason A. Donenfeld wrote:

> So I recently published this: http://blog.zx2c4.com/749 , a local priv
> escalation.

I've seen the news :)

> It doesn't work on Fedora because their /bin/su is compiled with
> -pie. (They don't compile gpasswd with -pie though, so they're still
> vulnerable.)

Is it because of PIE alone or ASLR? Just curious, it doesn't make much
difference to me.

> In any case, what if we made it a policy in Gentoo to compile all SUID
> binaries with PIE, to prevent against any types of future attacks of
> this variety?

Here's the trick: it's hard to decide what to compile PIE and what not
because we generally don't split the build for the two. I guess a good
point here could be made to build _everything_ PIE, but it can be tricky
(at least hotot seems not to work on a PIE system).

It would also be a good idea to resume working on the file-based
capabilities, dropping suid altogether.

The main issue here: it's not just my call to make; toolchain and
council should probably chime in on this.

-- 
Diego Elio Pettenò <flameeyes@g.o>
Gentoo Linux
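The policy question in the thread (are the set-user-ID binaries on a system actually built PIE?) can be checked directly from a shell. The script below is an added example, not part of the message or of any Gentoo tooling: it reads the `e_type` field from the ELF header with `od(1)`, so it needs no binutils, and lists set-user-ID files that are not position-independent. The function names and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Classify an ELF file by
# e_type read straight from its header: ET_EXEC (2) has a fixed load address,
# ET_DYN (3) is position-independent. For an executable carrying the setuid
# bit, ET_DYN means it was linked with -pie.
# Prints one of: pie, exec, other, not-elf.
elf_type() {
    f=$1
    # ELF magic 0x7f 'E' 'L' 'F' occupies offsets 0-3.
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo not-elf; return 0; }
    # EI_DATA at offset 5: 1 = little-endian, 2 = big-endian.
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' ')
    # e_type is a 16-bit field at offset 16 in both ELF32 and ELF64.
    set -- $(od -An -tu1 -j16 -N2 "$f")
    if [ "$data" = 2 ]; then
        etype=$(( $1 * 256 + $2 ))
    else
        etype=$(( $2 * 256 + $1 ))
    fi
    case $etype in
        2) echo exec ;;
        3) echo pie ;;
        *) echo other ;;
    esac
}

# Walk one filesystem under $1, find set-user-ID regular files and report
# every one that is not PIE, as "<type> <path>". Silence means all are PIE.
audit_suid() {
    dir=$1
    find "$dir" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r bin; do
        t=$(elf_type "$bin")
        [ "$t" = pie ] || echo "$t $bin"
    done
}

# Usage: sh audit-suid-pie.sh /usr
if [ "$#" -gt 0 ]; then
    audit_suid "$1"
fi
```

Note that ET_DYN is also the type of shared libraries, so the classification is only meaningful for files that are executed, which is what the setuid filter guarantees. PIE is what allows the kernel to randomize the executable image itself; whether that randomization actually happens is a separate kernel ASLR setting, which is the distinction Diego's question about "PIE alone or ASLR" is pointing at.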