Hsehdar created DAEMON-346:
------------------------------
Summary: Compile PROCRUN with Data Execution Prevention (DEP) flag
Key: DAEMON-346
URL: https://issues.apache.org/jira/browse/DAEMON-346
Project: Commons Daemon
Issue Type: Wish
Components: Procrun
Affects Versions: 1.0.15
Reporter: Hsehdar
Priority: Critical
h3. What was the activity?
We are using PROCRUN to run Java app as service. This is distributed across a
network (more than 15,000). Our security team highlighted
*Executables not compiled following best practices.*
The application(s) and/or dll(s) are not compiled with
modern day OS controls such as: ASLR, NX, or DEP.
Although vulnerability was not discovered, if in the
future there is one, remote code execution may be
possible due to lack of operating system controls enabled
on these executables.
Is PROCRUN not compiled using DEP?
PS: This is a not configuration/support request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
