Hi,

Regarding https://www.samba.org/samba/security/CVE-2012-1182

I'm currently step-by-step looking into compiling my own debs and recompiling existing ones (ignoring that optimisations are often overrated). What I'm most interested in though is the hardening@compile-time of packages, even if this means generic protection. Thinking some is better than none.

For this I've, so far, used the hardening-wrapper and hardening-includes packages. Though I'm not sure if I'm even using hardening-includes correctly at this time, I dare to present a question.

Part of the description of the CVE reads:

"The flaw caused checks on the variable containing the length of an allocated array to be done independently from the checks on the variable used to allocate the memory for that array. As both these variables are controlled by the connecting client it makes it possible for a specially crafted RPC call to cause the server to execute arbitrary code."

Would recompiling with DEB_BUILD_HARDENING=1 and the corresponding configuration as below in /etc/hardening-wrapper.conf have mitigated against this particular exploit vector? Though part of the attack depends on logic, I assume the 'specially crafted RPC call' could've been mitigated against. *glops*

My /etc/hardening-wrapper.conf looks like:

DEB_BUILD_HARDENING=1
DEB_BUILD_HARDENING_DEBUG=0
DEB_BUILD_HARDENING_STACKPROTECTOR=1
DEB_BUILD_HARDENING_RELRO=1
DEB_BUILD_HARDENING_FORTIFY=1
DEB_BUILD_HARDENING_PIE=1
DEB_BUILD_HARDENING_FORMAT=1

Any and all references are welcome for discussion and study.

Thank you for your consideration,

St-Crusty

--
- - - Security Avert * *
If you think I deserve a rant, write me off-list
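The bug class named in the CVE description quoted above, as an added example that is not part of the original message and is not Samba's code: two client-supplied fields each pass their own range check but are never compared, next to a decoder that ties them together. The struct, function names and `MAX_ELEMS` limit are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ELEMS 1024u /* assumed per-field limit, constructed for this example */

/* Hypothetical decoded request: every field is supplied by the client. */
struct wire_array {
    uint32_t alloc_count;  /* element count used to size the allocation */
    uint32_t array_len;    /* element count used when filling the array */
    const uint32_t *elems; /* payload elements */
    size_t payload_elems;  /* elements actually present in the payload */
};

/* Flawed pattern: each field passes its own range check, but the two are
 * never compared. Returns 1 if the request would be accepted, after which
 * the decoder would allocate alloc_count elements and fill array_len. */
int flawed_accepts(const struct wire_array *w) {
    if (w->alloc_count > MAX_ELEMS) return 0;
    if (w->array_len > MAX_ELEMS) return 0;
    return 1;
}

/* Corrected pattern: one value sizes both the allocation and the copy. */
uint32_t *decode_checked(const struct wire_array *w, uint32_t *out_len) {
    if (w->alloc_count > MAX_ELEMS) return NULL;
    if (w->array_len != w->alloc_count) return NULL;  /* fields must agree */
    if (w->array_len > w->payload_elems) return NULL; /* no over-read either */
    uint32_t *buf = calloc(w->alloc_count ? w->alloc_count : 1, sizeof *buf);
    if (buf == NULL) return NULL;
    if (w->array_len > 0)
        memcpy(buf, w->elems, (size_t)w->array_len * sizeof *buf);
    *out_len = w->array_len;
    return buf;
}

int main(void) {
    static const uint32_t data[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct wire_array bad = {2, 8, data, 8}; /* allocate 2, fill 8 */
    uint32_t n = 0;
    uint32_t *p = decode_checked(&bad, &n);
    printf("flawed accepts: %d, checked rejects: %d\n",
           flawed_accepts(&bad), p == NULL);
    free(p);
    return 0;
}
```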

