From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "Diego E. Flameeyes" <flameeyes@gmail.com>
Cc: gentoo-dev@lists.gentoo.org
Date: Mon, 23 Jan 2012 20:08:51 +0100
Message-ID: <CAHmME9oDzehZRbOM90u4viQa+xQuHQGyZfcvtqY-8JEWfDSUdA@mail.gmail.com>
Subject: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor?

Hi Diego,

So I recently published this: http://blog.zx2c4.com/749 , a local priv escalation. It doesn't work on Fedora because their /bin/su is compiled with -pie. (They don't compile gpasswd with -pie though, so they're still vulnerable.)

In any case, what if we made it a policy in Gentoo to compile *all* SUID binaries with PIE, to prevent any future attacks of this variety?

Jason
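The proposal above amounts to an auditable property: every setuid executable on the system should be a position-independent executable, which shows up in the ELF header as e_type ET_DYN rather than ET_EXEC. The script below is an added example (editor's code, not part of the original mail or of any Gentoo tooling) that walks a directory, picks out regular files with the setuid bit set, and reports those whose ELF header says ET_EXEC, i.e. the main image is loaded at a fixed address and gets no ASLR. The directory tree and the 64-byte ELF64 headers it scans are constructed fixtures; the sample file names are assumptions chosen to mirror the su/gpasswd contrast in the mail.

```python
"""Audit setuid binaries: flag ELF executables that are not PIE (e_type == ET_EXEC)."""
import os
import stat
import struct
import sys
import tempfile

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2   # fixed-address executable: no ASLR for the main image
ET_DYN = 3    # shared object or position-independent executable


def elf_type(path):
    """Return the ELF e_type of the file, or None if the file is not an ELF object."""
    with open(path, "rb") as f:
        header = f.read(20)
    if len(header) < 20 or header[:4] != ELF_MAGIC:
        return None
    # EI_DATA (byte 5): 1 = little-endian, 2 = big-endian. e_type is the
    # 16-bit field at offset 16 in both the ELF32 and the ELF64 header.
    endian = "<" if header[5] == 1 else ">"
    return struct.unpack(endian + "H", header[16:18])[0]


def is_setuid(path):
    """True for a regular file whose mode carries the setuid bit (symlinks are not followed)."""
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_ISUID)


def find_non_pie_setuid(root):
    """Walk root and return the sorted paths of setuid ELF files whose e_type is ET_EXEC."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_setuid(path):
                continue
            if elf_type(path) == ET_EXEC:
                findings.append(path)
    return sorted(findings)


def fake_elf(e_type):
    """Constructed 64-byte ELF64 little-endian header (x86-64) with the given e_type; demo fixture only."""
    ident = ELF_MAGIC + bytes([2, 1, 1]) + b"\x00" * 9   # EI_CLASS=ELFCLASS64, EI_DATA=LSB, EI_VERSION=1
    return ident + struct.pack("<HHI", e_type, 0x3E, 1) + b"\x00" * 40


def make_demo_tree():
    """Build a constructed directory of sample files (names are assumptions, not real binaries)."""
    root = tempfile.mkdtemp(prefix="suid-pie-demo-")
    bindir = os.path.join(root, "bin")
    os.mkdir(bindir)
    samples = {
        "su_pie": (fake_elf(ET_DYN), 0o4755),           # setuid and PIE: fine
        "gpasswd_nopie": (fake_elf(ET_EXEC), 0o4755),   # setuid but fixed address: flagged
        "ls_nopie": (fake_elf(ET_EXEC), 0o755),         # not setuid: out of scope
        "wrapper.sh": (b"#!/bin/sh\nexit 0\n", 0o4755), # setuid but not ELF: skipped
    }
    for name, (content, mode) in samples.items():
        path = os.path.join(bindir, name)
        with open(path, "wb") as f:
            f.write(content)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    # Scan the directory given on the command line, or the constructed demo tree.
    target = sys.argv[1] if len(sys.argv) > 1 else make_demo_tree()
    for hit in find_non_pie_setuid(target):
        print("setuid but not PIE:", hit)
```

Run it as `python audit.py /usr/bin` (or with no argument to scan the demo tree) and cross-check any hit with `readelf -h`, which prints `Type: EXEC (Executable file)` for a fixed-address binary and `Type: DYN` for a PIE. The check is deliberately one-sided: it only reports ET_EXEC, since an ET_DYN file with the setuid bit is either a PIE or a shared object someone mislabelled, and both are worth a look but neither is the class of problem the mail describes.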