[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD 5.x security
I made some research and I found following issues on NetBSD 5.x / i386
in features described in security(8):
a) Bug described in:
still exists and made ASLR unusable (random crashes, frequently
in applications linked with '-ltph').
b) System built witch MKPIE doesn't work at all, init still panics,
as described in:
- I tested botch cases. Yes, this doesn't work.
2. SSP (Stack Smashing Protection) is disabled by default:
(Interesting: looks like FreeBSD 8 has stack protection enabled by
3. CVE-2009-2793 problem, described in:
http://seclists.org/fulldisclosure/2009/Sep/221 was fixed in Jan 2010
but still isn't backported to stable branch, so any local user can
cause panic on "stable" NetBSD 5.x installation (I test it). Is any
Did I miss something? I'm curious to know, how looks current TODO for
security in NetBSD: will be these issues fixed, or - maybe - some features
will be removed from distribution (or from specific ports)?
Piotr 'aniou' Meyer
Main Index |
Thread Index |