from Hacker News

Linux Struck by Exploitable Root Access Sudo Vulnerability, Patch ASAP

by whatl3y on 1/27/21, 5:02 PM with 2 comments

  • by chasil on 1/27/21, 9:05 PM

    I know that the article specifically says that ASLR was defeated, but I wonder if these other compiler/linker mitigations prevent (some of) these vulnerabilities (specifically fortify)?

    The "hardening-check" Perl script is available from EPEL on Red Hat platforms. Here I use it to report mitigations in an old FWTK component that I use for an internal legacy system.

        $ hardening-check /home/fwjail/usr/local/etc/ftp-gw
        /home/fwjail/usr/local/etc/ftp-gw:
        Position Independent Executable: yes
        Stack protected: yes
        Fortify Source functions: yes (some protected functions found)
        Read-only relocations: yes
        Immediate binding: yes
    
        $ rpm -qi hardening-check | grep ^URL
        URL : http://packages.debian.org/hardening-wrapper
  • by technofiend on 1/27/21, 6:11 PM