From: "Jason A. Donenfeld"
To: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
Date: Tue, 24 Jan 2012 08:57:59 +0100
Subject: Re: [gentoo-dev] Re: Can we get PIE on all SUID binaries by default, por favor?
In-Reply-To: <4F1DDCCF.9080304@gentoo.org>
References: <1327346549.60706.35.camel@titan.home.flameeyes.eu> <1327347460.60706.44.camel@titan.home.flameeyes.eu> <4F1DDCCF.9080304@gentoo.org>
List-Id: Gentoo Linux mail

On Mon, Jan 23, 2012 at 23:18, Zac Medico wrote:

> We've got experimental support for FEATURES=xattr since
> portage-2.2.0_alpha80. We can include that in the next portage-2.1.x
> release.

Awesome. If possible though, let's keep the no-SUID-ever discussion for another thread, as xattr still raises the same point this thread is focused on: if they're not PIE, they can be easily injected, and their "xattr"s utilized for nefarious means.

> --
> Thanks,
> Zac