[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jakarta-commons-dev
Subject:    [jira] [Commented] (DAEMON-346) Compile PROCRUN with Data Execution Prevention (DEP) flag
From:       "Gary Gregory (JIRA)" <jira () apache ! org>
Date:       2017-06-29 17:29:00
Message-ID: JIRA.12959538.1460958166000.136542.1498757340154 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/DAEMON-346?page=com.atlassian.jira.plugin. \
system.issuetabpanels:comment-tabpanel&focusedCommentId=16068665#comment-16068665 ] 

Gary Gregory commented on DAEMON-346:
-------------------------------------

Mark,

I am glad to hear releasing is on your to do list!

Thank you,
Gary

> Compile PROCRUN with Data Execution Prevention (DEP) flag
> ---------------------------------------------------------
> 
> Key: DAEMON-346
> URL: https://issues.apache.org/jira/browse/DAEMON-346
> Project: Commons Daemon
> Issue Type: Wish
> Components: Procrun
> Affects Versions: 1.0.15
> Reporter: Hsehdar
> Priority: Critical
> Labels: build
> Fix For: 1.1
> 
> 
> h3. What was the activity?
> We are using PROCRUN to run Java app as service. This is distributed across a \
>                 network (more than 15,000). Our security team highlighted
> *Executables not compiled following best practices.*
> The application(s) and/or dll(s) are not compiled with
> modern day OS controls such as: ASLR, NX, or DEP.
> Although vulnerability was not discovered, if in the
> future there is one, remote code execution may be
> possible due to lack of operating system controls enabled
> on these executables.
> Is PROCRUN not compiled using DEP?
> PS: This is a not configuration/support request.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[prev in list] [next in list] [prev in thread] [next in thread]