[Pidgin] #15290: Compile everything with secure flags
Pidgin
trac at pidgin.im
Sun Aug 26 20:02:08 EDT 2012
#15290: Compile everything with secure flags
-------------------------------------+--------------------------------------
Reporter: DrWhax | Owner: rekkanoryo
Type: defect | Status: new
Component: unclassified | Version: 2.10.6
Keywords: security aslr dep build |
-------------------------------------+--------------------------------------
Hi,
I tested out if Pidgin.exe had secure flags enabled like ASLR and DEP
protection. This wasn't the case and should really be build with ASLR and
DEP enforced on the binary.
The DLL's shipped with Pidgin are not build with secure flags either. I
compiled a list using BinScope here:
http://cryptohub.nl/pidgin/pidgin.html also see #15286
At the moment exploitation of Pidgin is like '90's style, anybody can do
it with zero to no skills...
I hope we can come up with a secure build sequence which will guarantee,
NX, DEP, ASLR, /GS, SafeSEH(am I missing something?)
--
Ticket URL: <http://developer.pidgin.im/ticket/15290>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list