[prev in list] [next in list] [prev in thread] [next in thread]
List: jakarta-commons-dev
Subject: [jira] [Commented] (DAEMON-346) Compile PROCRUN with Data Execution Prevention (DEP) flag
From: "Gary Gregory (JIRA)" <jira () apache ! org>
Date: 2017-06-29 17:29:00
Message-ID: JIRA.12959538.1460958166000.136542.1498757340154 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/DAEMON-346?page=com.atlassian.jira.plugin. \
system.issuetabpanels:comment-tabpanel&focusedCommentId=16068665#comment-16068665 ]
Gary Gregory commented on DAEMON-346:
-------------------------------------
Mark,
I am glad to hear releasing is on your to do list!
Thank you,
Gary
> Compile PROCRUN with Data Execution Prevention (DEP) flag
> ---------------------------------------------------------
>
> Key: DAEMON-346
> URL: https://issues.apache.org/jira/browse/DAEMON-346
> Project: Commons Daemon
> Issue Type: Wish
> Components: Procrun
> Affects Versions: 1.0.15
> Reporter: Hsehdar
> Priority: Critical
> Labels: build
> Fix For: 1.1
>
>
> h3. What was the activity?
> We are using PROCRUN to run Java app as service. This is distributed across a \
> network (more than 15,000). Our security team highlighted
> *Executables not compiled following best practices.*
> The application(s) and/or dll(s) are not compiled with
> modern day OS controls such as: ASLR, NX, or DEP.
> Although vulnerability was not discovered, if in the
> future there is one, remote code execution may be
> possible due to lack of operating system controls enabled
> on these executables.
> Is PROCRUN not compiled using DEP?
> PS: This is a not configuration/support request.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic