[Pidgin] #15290: Compile everything with secure flags

Pidgin trac at pidgin.im
Sun Aug 26 20:02:08 EDT 2012

#15290: Compile everything with secure flags
 Reporter:  DrWhax                   |     Owner:  rekkanoryo
     Type:  defect                   |    Status:  new       
Component:  unclassified             |   Version:  2.10.6    
 Keywords:  security aslr dep build  |  

 I tested out if Pidgin.exe had secure flags enabled like ASLR and DEP
 protection. This wasn't the case and should really be build with ASLR and
 DEP enforced on the binary.

 The DLL's shipped with Pidgin are not build with secure flags either. I
 compiled a list using BinScope here:
 http://cryptohub.nl/pidgin/pidgin.html also see #15286

 At the moment exploitation of Pidgin is like '90's style, anybody can do
 it with zero to no skills...

 I hope we can come up with a secure build sequence which will guarantee,
 NX, DEP, ASLR, /GS, SafeSEH(am I missing something?)

Ticket URL: <http://developer.pidgin.im/ticket/15290>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list