[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Multiple libraries privilege checking
From: Sebastian Krahmer <krahmer () suse ! de>
Date: 2011-05-23 6:39:51
Message-ID: 20110523063951.GA2611 () suse ! de
[Download RAW message or body]
On Thu, May 19, 2011 at 12:45:23AM +0400, Solar Designer wrote:
> On Tue, May 17, 2011 at 01:18:33PM +0200, Sebastian Krahmer wrote:
> > I uploaded a openssl-1.0.0d patch to
> >
> > http://suse.de/~krahmer/libs-vs-fscaps
>
> Thank you!
>
> > The prefered way is to check the dumpable flag via prctl() which
> > is detected by the config script.
>
> This is fail-open (at build time). If the -e "/usr/include/sys/prctl.h"
> check somehow fails, we silently get an insecure build. Of course,
Honestly, that was the easiest I could do in that time frame. The openssl
config is a bit weird to me and the openssl project is not even providing
distclean source tarballs for download (they contain symlinks etc.).
It is also rather meant as a help for upstream which they could use as a base.
I am sure they know better how to combine it with their config scripts
and I am happy with changes as long as our resulting binary contains
the hardening. I will try to ping the openssl developers about it.
Sebastian
--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@suse.de - SuSE Security Team
---
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic