commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Thomas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DAEMON-346) Compile PROCRUN with Data Execution Prevention (DEP) flag
Date Thu, 29 Jun 2017 10:19:00 GMT

    [ https://issues.apache.org/jira/browse/DAEMON-346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16068125#comment-16068125
] 

Mark Thomas commented on DAEMON-346:
------------------------------------

It is on the TODO list but I don't have a date in mind at the moment.

> Compile PROCRUN with Data Execution Prevention (DEP) flag
> ---------------------------------------------------------
>
>                 Key: DAEMON-346
>                 URL: https://issues.apache.org/jira/browse/DAEMON-346
>             Project: Commons Daemon
>          Issue Type: Wish
>          Components: Procrun
>    Affects Versions: 1.0.15
>            Reporter: Hsehdar
>            Priority: Critical
>              Labels: build
>             Fix For: 1.1
>
>
> h3. What was the activity?
> We are using PROCRUN to run Java app as service. This is distributed across a network
(more than 15,000). Our security team highlighted
> *Executables not compiled following best practices.*
> The application(s) and/or dll(s) are not compiled with
> modern day OS controls such as: ASLR, NX, or DEP.
> Although vulnerability was not discovered, if in the
> future there is one, remote code execution may be
> possible due to lack of operating system controls enabled
> on these executables.
> Is PROCRUN not compiled using DEP?
> PS: This is a not configuration/support request.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message