Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-1406

Enable DEP support in Windows version of Puppet agent binaries

    XMLWordPrintable

    Details

    • Template:
    • Acceptance Criteria:
      Hide

      All binaries, as build from puppet-agent, including 3rd party components should have nxcompat and ASLR flags enabled.

      Show
      All binaries, as build from puppet-agent, including 3rd party components should have nxcompat and ASLR flags enabled.
    • Team:
      Security
    • Story Points:
      3
    • Release Notes:
      Security Fix
    • Release Notes Summary:
      Hide
      As part of security robustness measure, this change enables data execution prevention (aka /NX) and address space layout randomization (ASLR) in windows versions of third party binaries like ruby, openssl built along with puppet agent modules. There was no specific known vulnerability but this minimizes chances of anyone exploiting any unknown vulnerabilities while taking advantage of above as attack vectors.
      Show
      As part of security robustness measure, this change enables data execution prevention (aka /NX) and address space layout randomization (ASLR) in windows versions of third party binaries like ruby, openssl built along with puppet agent modules. There was no specific known vulnerability but this minimizes chances of anyone exploiting any unknown vulnerabilities while taking advantage of above as attack vectors.
    • QA Risk Assessment:
      No Action

      Description

      Being done to meet some customer's security audit requirement to have all puppet agent binaries (exe's, dll's) to set nxcompat, aslr flags.

        Attachments

          Activity

            People

            Assignee:
            jayant.sane Jayant Sane
            Reporter:
            jayant.sane Jayant Sane
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support