On 01/23/2012 08:53 PM, Nicolas François wrote:
> Hello,
>
> On Mon, Jan 23, 2012 at 03:06:46PM +0200, [email protected] wrote:
>>
>> See CVE-2012-0056, a non-PIE 'su' binary makes it very easy to exploit.
>
> Would you mind giving a bit more information?
>
> I unfortunately stick to this PIE definition from wikipedia:

PIE refers to -fPIE from GCC of course. Using that flag doesn't completely prevent the exploit though.

> baked dish which is usually made of a pastry dough casing that
> covers or completely contains a filling of various sweet or
> savoury ingredients.
> which does not help understanding how to PIE 'su'.
>
> Also, I have no access to CVE-2012-0056, which is under review as of
> today.

Here is a good summary and discussions: https://lwn.net/Articles/476684/

> References I could find indicate an issue in the Linux kernel handling of
> /proc/<pid>/mem
>
> As of using hardening compiler / linker options, I have no idea if this is
> a common practice / recommended / used in other packages.
> Would it make sense to enable such flags if not done in the PAM modules or
> by other suid programs?

Apparently packages should adopt hardening flags for wheezy: http://wiki.debian.org/Hardening#State_of_implementation

Best regards,
--Edwin
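A practical check for the point raised above (whether a setuid binary such as 'su' was actually linked as PIE) is to look at the ELF header: a non-PIE executable has type ET_EXEC and loads at a fixed address, while a PIE is ET_DYN like a shared object but still carries a PT_INTERP program header naming the dynamic loader. The script below is an added example, not code from this thread or from the shadow/su project; it parses the header directly (the same fields `readelf -h` reports as Type: EXEC versus DYN) and includes a constructed-header builder so it can be exercised without real binaries. The file names in the usage comment are assumptions.

```python
import struct
import sys

# ELF constants from the ELF specification
ET_EXEC = 2    # fixed-address executable: built without -fPIE / -pie
ET_DYN = 3     # position-independent: a PIE executable or a shared object
PT_INTERP = 3  # program header naming the dynamic loader; present in executables


def elf_type(data: bytes) -> str:
    """Classify an ELF image by its header.

    Returns 'exec'   for ET_EXEC (non-PIE, mapped at a fixed address),
            'pie'    for ET_DYN images that carry a PT_INTERP entry,
            'shared' for ET_DYN images without one (a plain .so),
            'other'  for relocatable objects and core files.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class = data[4]                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    endian = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    if e_type == ET_EXEC:
        return "exec"
    if e_type != ET_DYN:
        return "other"
    # Walk the program-header table looking for PT_INTERP.
    if ei_class == 2:
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(endian + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 42)
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from(endian + "I", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return "pie"
    return "shared"


def classify_file(path: str) -> str:
    """Read a binary from disk and classify it."""
    with open(path, "rb") as f:
        return elf_type(f.read())


def build_elf(e_type: int, program_types: list, bits: int = 64) -> bytes:
    """Constructed test data: a minimal little-endian ELF header followed by a
    program-header table with the given p_type values. Not a loadable binary."""
    if bits == 64:
        ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
        header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0,
                                     64, 0, 0, 64, 56, len(program_types), 64, 0, 0)
        phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                         for t in program_types)
    else:
        ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
        header = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0,
                                     52, 0, 0, 52, 32, len(program_types), 40, 0, 0)
        phdrs = b"".join(struct.pack("<IIIIIIII", t, 0, 0, 0, 0, 0, 0, 0)
                         for t in program_types)
    return header + phdrs


if __name__ == "__main__":
    # Assumed invocation: python3 elfpie.py /bin/su /lib/x86_64-linux-gnu/libc.so.6
    for path in sys.argv[1:]:
        print(f"{path}: {classify_file(path)}")
```

An 'exec' result for a setuid program means it was linked without -pie and every mapping of the binary's own code and data sits at a known address, which is what makes such a binary an easy target; 'pie' means -fPIE/-pie took effect and ASLR applies to the executable itself. Two limitations: a statically linked PIE has no PT_INTERP and is reported here as 'shared', and PIE alone does not address the kernel-side /proc/<pid>/mem issue the thread is about, which needs the kernel fix regardless of how 'su' was built.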

