commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hsehdar (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DAEMON-346) Compile PROCRUN with Data Execution Prevention (DEP) flag
Date Mon, 18 Apr 2016 05:43:25 GMT
Hsehdar created DAEMON-346:
------------------------------

             Summary: Compile PROCRUN with Data Execution Prevention (DEP) flag
                 Key: DAEMON-346
                 URL: https://issues.apache.org/jira/browse/DAEMON-346
             Project: Commons Daemon
          Issue Type: Wish
          Components: Procrun
    Affects Versions: 1.0.15
            Reporter: Hsehdar
            Priority: Critical


h3. What was the activity?

We are using PROCRUN to run Java app as service. This is distributed across a network (more
than 15,000). Our security team highlighted

*Executables not compiled following best practices.*
The application(s) and/or dll(s) are not compiled with
modern day OS controls such as: ASLR, NX, or DEP.
Although vulnerability was not discovered, if in the
future there is one, remote code execution may be
possible due to lack of operating system controls enabled
on these executables.

Is PROCRUN not compiled using DEP?

PS: This is a not configuration/support request.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message