[
https://issues.apache.org/jira/browse/DAEMON-346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15666625#comment-15666625
]
Mark Thomas commented on DAEMON-346:
------------------------------------
The plan, such as it is, is:
1. Fix all open bugs
2. Consider fixing all the open enhancement requests (simple requests with
patches are likely to get fixed. Complex requests without patches are likely
not to get fixed)
3. Release 1.1
In terms of timescale, hopefully the next month or so. This is currently top of
my TODO list but it depends what other tasks appear.
Help in terms of patches for open issues very much appreciated.
> Compile PROCRUN with Data Execution Prevention (DEP) flag
> ---------------------------------------------------------
>
> Key: DAEMON-346
> URL: https://issues.apache.org/jira/browse/DAEMON-346
> Project: Commons Daemon
> Issue Type: Wish
> Components: Procrun
> Affects Versions: 1.0.15
> Reporter: Hsehdar
> Priority: Critical
> Labels: build
> Fix For: 1.1
>
>
> h3. What was the activity?
> We are using PROCRUN to run Java app as service. This is distributed across a
> network (more than 15,000). Our security team highlighted
> *Executables not compiled following best practices.*
> The application(s) and/or dll(s) are not compiled with
> modern day OS controls such as: ASLR, NX, or DEP.
> Although vulnerability was not discovered, if in the
> future there is one, remote code execution may be
> possible due to lack of operating system controls enabled
> on these executables.
> Is PROCRUN not compiled using DEP?
> PS: This is a not configuration/support request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
