i recently read a german article at heise.de* and there is a hint that bash not optimized for ASLR could lead in make some attacks easier once again the question: should not *every* package be a hardened build to be better safe than sorry? last year i opened a bugreport in case of perl which is often used also for long running services (smokeping, mailgraph, spamassassin) to get it hardened and it was closed with "WONTFIX" but maybe the times have changed https://bugzilla.redhat.com/show_bug.cgi?id=984185 __________________________________________________________ * http://www.heise.de/open/meldung/ShellShock-Teil-3-Noch-drei-Sicherheitsprobleme-bei-der-Bash-2404788.html "dabei spiele Angreifern in die Hände, dass die Bash häufig nicht für Address Space Layout Randomization (ASLR) compiliert sei"
Attachment:
signature.asc
Description: OpenPGP digital signature
-- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
