On Mon, Mar 19, 2012 at 05:00:46PM -0400, Simon Deziel wrote:
> I just installed a fresh VM to test this and hardening-check still shows
> the same (bad) output :
>
> # dpkg -l| grep openvpn
> ii openvpn 2.2.1-7 virtual
> private network daemon
> Am I doing something wrong ?
Dunno. But the output is NOT the same:
# dpkg -i openvpn_2.2.1-5_i386.deb
# hardening-check /usr/sbin/openvpn /usr/lib/openvpn/openvpn-down-root.so
/usr/lib/openvpn/openvpn-auth-pam.so | grep yes
/usr/sbin/openvpn:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
/usr/lib/openvpn/openvpn-down-root.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: no, not found!
Immediate binding: no not found!
/usr/lib/openvpn/openvpn-auth-pam.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: no, not found!
Immediate binding: no not found!
#
# dpkg -i openvpn_2.2.1-7_i386.deb
# hardening-check /usr/sbin/openvpn /usr/lib/openvpn/openvpn-down-root.so
/usr/lib/openvpn/openvpn-auth-pam.so | grep yes
/usr/sbin/openvpn:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
/usr/lib/openvpn/openvpn-down-root.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
/usr/lib/openvpn/openvpn-auth-pam.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
#
The difference is clear. Plugins get "Fortify Source functions:" and
"Read-only relocations:". Only openvpn-auth-pam.so gets "Stack
protected", but I'm not an expert on this issue so I don't know the
reason for that.
Regards,
Alberto
--
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
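
The comparison made by eye in the message above can be scripted. The following is an added example, not part of the original message or of the hardening-check tool; the names parse, compare, OLD and NEW are hypothetical, and the sample input is the plugin portion of the two runs quoted above.

```python
# Sample input: plugin lines copied from the two runs in the message above.
OLD = """\
/usr/lib/openvpn/openvpn-down-root.so:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: no, not found!
/usr/lib/openvpn/openvpn-auth-pam.so:
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: no, not found!
"""
NEW = """\
/usr/lib/openvpn/openvpn-down-root.so:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: no, not found!
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
/usr/lib/openvpn/openvpn-auth-pam.so:
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
"""

def parse(report):
    """Return {path: {check: bool}}; "(ignored)" verdicts are skipped."""
    result, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("/") and line.endswith(":"):
            current = result.setdefault(line[:-1], {})
        elif current is not None and ":" in line and "(ignored)" not in line:
            check, _, verdict = line.partition(":")
            current[check.strip()] = verdict.strip().startswith("yes")
    return result

def compare(old, new):
    """Return (gained, still_missing) lists of (path, check) for two runs."""
    before, after = parse(old), parse(new)
    gained, missing = [], []
    for path, checks in after.items():
        for check, ok in checks.items():
            if not ok:
                missing.append((path, check))
            elif not before.get(path, {}).get(check, False):
                gained.append((path, check))
    return gained, missing

if __name__ == "__main__":
    print(compare(OLD, NEW))
```

Run against the full output of both package versions, the second list is the set of checks a rebuild still has to address.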

