blockbench icon indicating copy to clipboard operation
blockbench copied to clipboard
verified publisher icon JannisX11

Harden the scrot binary

Open txtsd opened this issue 2 years ago • 2 comments

Detailed description of your suggestion

λ checksec --file=opt/blockbench/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH	Symbols		FORTIFY	Fortified	Fortifiable	FILE
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   No Symbols	 Yes	7		9		opt/blockbench/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot

The scrot binary currently lacks FULL RELRO and is not built with PIE.

Please make it so that this binary is built with sufficient hardening.

txtsd avatar Oct 22 '23 14:10 txtsd

I don't know what most of these words mean, I am not a Linux person. This is just a dependency for the screen space color picker that is not owned by me and does not seem to be actively maintained. Does doing suggestion have any practical advantages?

JannisX11 avatar Dec 09 '23 22:12 JannisX11

Hardening binaries is basically reducing the ways in which your system can be attacked.

This binary seems to come from npmjs.com/package/electron-color-picker so there's no way to harden it. Hardening is done during compilation.

We could remove the dependency instead, as suggested in #2187.

txtsd avatar May 10 '24 10:05 txtsd