On Mon, 23/01/2012 at 20.26 +0100, Jason A. Donenfeld wrote:
> When ASLR is turned on, the .text section of executables compiled with
> PIE is given a randomized base address. When ASLR is off or when PIE
> is not used, the base address is predictable, so it's easy to find
> where to write into.

Yup, I know that. I was just making sure that the actual prevention came
from ASLR and not PIE by itself. Both because there is at least one
sci-math package that cannot build with ASLR (randomize_va_space) turned
on, and because it would have disproven my old blog post:

http://blog.flameeyes.eu/2009/11/02/the-pie-is-not-exactly-a-lie


> Doesn't portage already have a check on SUID executables where it
> checks to see if they meet a certain standard and also strips them of
> read capabilities? Couldn't we just add a Q&A blurb to this, so that
> if any SUID executables are merged that aren't PIE, there's a nice
> yellow warning? And then gradually package maintainers would add the
> required patches?

Stripping a compiled file of read permissions is quick, painless and
(mostly) safe from errors. Changing the way it is compiled... not so
much.

I'm not saying that it's not a good idea, but if we want to proceed with
this, there has to be someone who goes to look at all the packages and
corrects them.

I've not been running the tinderbox for a while both because I have very
little time to _file_ bugs, but more importantly because, being there to
file bugs only, without the time to tackle them, the result was a bunch
of grumpy devs who either needed to repeat the test on a new version, as
the bug became stale, or found me positively annoying as I didn't fix
the stuff myself.

That said, I could fix up the tinderbox and make it run again, no
problem there. I could even try to find the time to look at the logs
and/or see if s3fs allows me to publish them for someone to look through
them... and definitely identifying all the packages installing suid
binaries is easier than looking through all the logs.

But I'd rather not do that unless there is enough consensus that we'll
be tackling the issue.

-- 
Diego Elio Pettenò <flamee...@gentoo.org>
Gentoo Linux
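One way the proposed QA check could be implemented, as an added example that is not portage's code nor from either poster: it walks an install image, picks out setuid/setgid files, and reads the ELF e_type field to tell fixed-address (ET_EXEC) from position-independent (ET_DYN) executables. The image root and the constructed ELF header are assumptions for illustration; note that because setuid binaries are usually installed without read permission, the scan must run with enough privilege to open them.

```python
import os
import stat
import struct

ET_EXEC = 2  # fixed load address: the base is predictable even with ASLR on
ET_DYN = 3   # position-independent: PIE executables (and shared objects)


def elf_type(header: bytes):
    """Return e_type from an ELF header, or None if the bytes are not ELF."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return None
    endian = "<" if header[5] == 1 else ">"  # EI_DATA: 1 = little, 2 = big
    return struct.unpack_from(endian + "H", header, 16)[0]


def check_setuid_binary(mode: int, header: bytes) -> str:
    """Classify one installed file: 'not-suid', 'not-elf', 'pie' or 'non-pie'.

    'non-pie' (setuid/setgid ET_EXEC) is the case that would get the warning.
    """
    if not mode & (stat.S_ISUID | stat.S_ISGID):
        return "not-suid"
    etype = elf_type(header)
    if etype is None:
        return "not-elf"
    return "pie" if etype == ET_DYN else "non-pie"


def scan_image(root: str):
    """Walk an install image (hypothetical root) and report setuid/setgid ELF files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            try:
                with open(path, "rb") as fh:
                    header = fh.read(64)
            except OSError:  # typically a 4711 setuid file read without privilege
                findings.append((path, "unreadable"))
                continue
            verdict = check_setuid_binary(st.st_mode, header)
            if verdict in ("non-pie", "pie"):
                findings.append((path, verdict))
    return findings


def fake_elf_header(e_type: int) -> bytes:
    """Constructed 64-bit little-endian ELF header with only the fields used above."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9  # class=64, data=LE, version=1
    return ident + struct.pack("<HH", e_type, 62)  # e_type, e_machine=x86-64
```

Running `scan_image()` over a merged image and printing every `non-pie` entry gives the yellow warning the thread talks about; `unreadable` entries mean the scan was not run with enough privilege to inspect the file.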