James Courtier-Dutton wrote:
scanelf is a tool one can use to find which programs have an executable
stack. For security reasons, an executable stack should be avoided if
at all possible.
scanelf -Rqe /usr/lib/openoffice/*
results in a lot of openoffice having an executable stack.
e.g.
RWX --- --- /usr/lib/openoffice/program/soffice.bin
Can openoffice developers take some care so as to avoid this?
It makes exploits so much easier to do in openoffice, and making the
stack only RW- would result in openoffice being a lot more secure.
Some guidelines on how to correct these problems can be found here:
http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
Kind Regards
James
After some analysis I just filed
<http://www.openoffice.org/issues/show_bug.cgi?id=70840>. However, that
issue is probably specific to OOo as built by Sun (and available for
download from the OOo web site). If your OOo at /usr/lib/openoffice is
instead built by some Linux distribution, your problem could be another
one (if libuno_sal.so.3 is not RWX for you, it might also be that issue
70840 only addresses a first problem, and we have to address further
problems once that is fixed).
Anyway, thanks for bringing this up,
-Stephan
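
The marking that scanelf -e reports comes from the p_flags field of the PT_GNU_STACK program header in each ELF file. The following is an added example, not part of either message and not scanelf's own code: it reads that header directly so a build can be checked for an RWX stack. The function names are illustrative and `sample_elf64` builds constructed test images rather than real binaries.

```python
import struct

PT_GNU_STACK = 0x6474E551   # program header type that carries the stack permissions
PF_X, PF_W, PF_R = 1, 2, 4  # p_flags permission bits


def gnu_stack_flags(data):
    """Return p_flags of PT_GNU_STACK, or None if the image has no such header."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    if len(data) < (0x40 if is64 else 0x34):
        raise ValueError("truncated ELF header")
    if is64:   # ELF64: e_phoff at 0x20, p_flags directly after p_type
        phoff, flags_at, counts_at = struct.unpack_from(end + "Q", data, 0x20)[0], 4, 0x36
    else:      # ELF32: e_phoff at 0x1C, p_flags is the seventh 32-bit field
        phoff, flags_at, counts_at = struct.unpack_from(end + "I", data, 0x1C)[0], 24, 0x2A
    phentsize, phnum = struct.unpack_from(end + "HH", data, counts_at)
    for i in range(phnum):
        base = phoff + i * phentsize
        if base + flags_at + 4 > len(data):
            raise ValueError("truncated program header table")
        if struct.unpack_from(end + "I", data, base)[0] == PT_GNU_STACK:
            return struct.unpack_from(end + "I", data, base + flags_at)[0]
    return None  # no marking: the loader applies its architecture default


def describe(flags):
    """Render flags as an RWX string; 'missing' when there is no PT_GNU_STACK."""
    if flags is None:
        return "missing"
    return "".join(c if flags & bit else "-"
                   for c, bit in (("R", PF_R), ("W", PF_W), ("X", PF_X)))


def sample_elf64(stack_flags):
    """Constructed little-endian ELF64 image with one PT_GNU_STACK header, or none."""
    phnum = 0 if stack_flags is None else 1
    img = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    img += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    if stack_flags is not None:
        img += struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return img


if __name__ == "__main__":
    for f in (PF_R | PF_W | PF_X, PF_R | PF_W, None):
        print(describe(gnu_stack_flags(sample_elf64(f))))
```

A result of "RWX" is the case the first message complains about; "missing" should be reviewed as well, because the stack permissions then depend on the loader's default for the architecture.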