You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Mark Thomas (JIRA)" <ji...@apache.org> on 2016/11/04 09:44:58 UTC
[jira] [Resolved] (DAEMON-346) Compile PROCRUN with Data Execution
Prevention (DEP) flag
[ https://issues.apache.org/jira/browse/DAEMON-346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark Thomas resolved DAEMON-346.
--------------------------------
Resolution: Fixed
Fix Version/s: 1.1
Added the /DYNAMICBASE and /NXCOMPAT switches for the Windows binaries.
> Compile PROCRUN with Data Execution Prevention (DEP) flag
> ---------------------------------------------------------
>
> Key: DAEMON-346
> URL: https://issues.apache.org/jira/browse/DAEMON-346
> Project: Commons Daemon
> Issue Type: Wish
> Components: Procrun
> Affects Versions: 1.0.15
> Reporter: Hsehdar
> Priority: Critical
> Labels: build
> Fix For: 1.1
>
>
> h3. What was the activity?
> We are using PROCRUN to run Java app as service. This is distributed across a network (more than 15,000). Our security team highlighted
> *Executables not compiled following best practices.*
> The application(s) and/or dll(s) are not compiled with
> modern day OS controls such as: ASLR, NX, or DEP.
> Although vulnerability was not discovered, if in the
> future there is one, remote code execution may be
> possible due to lack of operating system controls enabled
> on these executables.
> Is PROCRUN not compiled using DEP?
> PS: This is a not configuration/support request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)