
Samba Root CVE-2012-1182 - Possibly countered with hardening@compiletime ?



Hi,

Regarding https://www.samba.org/samba/security/CVE-2012-1182

I'm currently, step by step, looking into compiling my own debs and
recompiling existing ones (ignoring that optimisations are often
overrated). What I'm most interested in, though, is the
hardening-at-compile-time of packages, even if this means generic
protection. Thinking some is better than none. For this I've, so far,
used the hardening-wrapper and hardening-includes packages. Though I'm not
sure if I'm even using hardening-includes correctly at this time, I
dare to present a question.

Part of the description of the CVE reads :

"The flaw caused checks on the variable containing the length of an
allocated array to be done independently from the checks on the
variable used to allocate the memory for that array.  As both these
variables are controlled by the connecting client it makes it possible
for a specially crafted RPC call to cause the server to execute
arbitrary code."


Would recompiling with DEB_BUILD_HARDENING=1 and the corresponding
configuration below in /etc/hardening-wrapper.conf have mitigated
this particular exploit vector? Though part of the attack
depends on logic, I assume the 'specially crafted RPC call' could've
been mitigated against.


*glops* My /etc/hardening-wrapper.conf looks like

DEB_BUILD_HARDENING=1
DEB_BUILD_HARDENING_DEBUG=0
DEB_BUILD_HARDENING_STACKPROTECTOR=1
DEB_BUILD_HARDENING_RELRO=1
DEB_BUILD_HARDENING_FORTIFY=1
DEB_BUILD_HARDENING_PIE=1
DEB_BUILD_HARDENING_FORMAT=1


Any and all references are welcome for discussion and study.


Thank you for your consideration,

St-Crusty

--

- - -
Security Avert *

* If you think I deserve a rant, write me off-list

