In this issue tracker we discuss SoftEtherVPN Developer Edition, which is versioned 5.x.
4.x is for SoftEtherVPN Stable Edition.
@chipitsine, where can I find more information about SE editions? Where can we obtain a roadmap for coming versions? Will new features or fixes be back-ported from DE to SE?
I admit I've dared building 5.x and discovered different resulting files.
Prerequisites
SoftEther version: softether-vpnclient-v4.43-9799-beta-2023.08.31-linux-x64-64bit and softether-vpnserver-v4.43-9799-beta-2023.08.31-linux-x64-64bit
Component: [Server, Client]
Operating system: [Linux (Linux laptop 6.1.0-18-amd64, Debian 6.1.76-1 (2024-02-01) x86_64)]
Architecture: [64 bit]
Processor: [Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz]
Description
The binary executable vpnclient has an executable stack. This is very very dangerous.
I discovered this problem while viewing dmesg output. There is a log saying:
I used execstack (if you can't install it with apt, you can download the deb package at https://packages.debian.org/buster/amd64/execstack/download) to verify that vpnclient uses an executable stack, and the result is that it does:
nictheboy@laptop:~$ execstack /usr/share/vpnclient/vpnclient
X /usr/share/vpnclient/vpnclient
According to the manpage, execstack prints either - when executable stack is not required, X when executable stack is required or ? when it is unknown whether the object requires or doesn't require executable stack (the marking is missing). The 'X' in the output marks that vpnclient uses an executable stack.
I used execstack to clear the executable stack flag, and I found that vpnclient works very well till now, so I guess it's unnecessary to use an executable stack.
The situation of vpnserver is the same.
How to fix
According to here, we can add '-z noexecstack' to gcc compile options. Adding '-z noexecstack' to 'OPTIONS' in Makefile solves the problem on my PC.
Although this is not a vulnerability, it makes it much easier to exploit a vulnerability. Considering vpnserver and vpnclient are often used as network daemons on servers, security issues need to be considered seriously.
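An added example, not part of the original issue or the SoftEther project: a small reader for the PT_GNU_STACK program header, reporting the same -, X and ? markings the issue quotes from the execstack manpage. The names stack_marking and make_elf64 and the constructed sample ELF images are assumptions for illustration; only program headers of linked binaries are inspected.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags


def stack_marking(data: bytes) -> str:
    """Return 'X', '-' or '?' for an ELF image, using the markings quoted above."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    end = "<" if ei_data == 1 else ">"
    # (e_phoff format, e_phoff offset, e_phentsize offset, p_flags offset, header size)
    fmt, phoff_at, phent_at, flags_at, ehsize = (
        ("Q", 0x20, 0x36, 4, 64) if ei_class == 2 else ("I", 0x1C, 0x2A, 24, 52))
    if len(data) < ehsize:
        raise ValueError("truncated ELF header")
    e_phoff, = struct.unpack_from(end + fmt, data, phoff_at)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, phent_at)
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        if base + flags_at + 4 > len(data):
            raise ValueError("truncated program header table")
        p_type, = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", data, base + flags_at)
            return "X" if p_flags & PF_X else "-"
    return "?"  # no PT_GNU_STACK entry: the marking is missing


def make_elf64(stack_flags=None) -> bytes:
    """Constructed sample: ELF64 header, one PT_LOAD, optional PT_GNU_STACK."""
    phdrs = [struct.pack("<IIQQQQQQ", 1, 5, 0, 0, 0, 0, 0, 0x1000)]  # PT_LOAD, R+X
    if stack_flags is not None:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags,
                                 0, 0, 0, 0, 0, 16))
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)


if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. the installed vpnclient and vpnserver binaries
        with open(path, "rb") as f:
            print(stack_marking(f.read()), path)
```

Running it on the binaries before and after rebuilding with '-z noexecstack' shows whether the marking changed from X to -.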