
[security] SoftEther linux client/server has executable stack by default

Open Nictheboy opened this issue 1 year ago • 3 comments

Prerequisites

  • [X] Can you reproduce?
  • [X] Are you running the latest version of SoftEtherVPN?

  • SoftEther version: softether-vpnclient-v4.43-9799-beta-2023.08.31-linux-x64-64bit and softether-vpnserver-v4.43-9799-beta-2023.08.31-linux-x64-64bit
  • Component: [Server, Client]
  • Operating system: [Linux (Linux laptop 6.1.0-18-amd64, Debian 6.1.76-1 (2024-02-01) x86_64)]
  • Architecture: [64 bit]
  • Processor: [Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz]

Description

The binary executable vpnclient has an executable stack. This is very very dangerous.

I discovered this problem when I was viewing dmesg output. There is a log saying:

[   10.438829] process 'usr/share/vpnclient/vpnclient' started with executable stack

I used execstack (if you can't install it with apt, you can download the deb package at https://packages.debian.org/buster/amd64/execstack/download) to verify that vpnclient uses an executable stack, and the result is that it uses it:

nictheboy@laptop:~$ execstack /usr/share/vpnclient/vpnclient 
X /usr/share/vpnclient/vpnclient

According to the manpage, execstack prints either - when executable stack is not required, X when executable stack is required or ? when it is unknown whether the object requires or doesn't require executable stack (the marking is missing). The 'X' in the output marks that vpnclient uses an executable stack.

I used execstack to clear the executable stack flag, and I found that vpnclient works very well till now, so I guess it's unnecessary to use an executable stack.

nictheboy@laptop:~$ execstack -c /usr/share/vpnclient/vpnclient
nictheboy@laptop:~$ execstack -q /usr/share/vpnclient/vpnclient
- /usr/share/vpnclient/vpnclient

The situation of vpnserver is the same.

How to fix

According to here, we can add '-z noexecstack' to gcc compile options. Adding '-z noexecstack' to 'OPTIONS' in Makefile solves the problem on my PC.

Although this is not a vulnerability, it makes it much easier to exploit a vulnerability. Considering vpnserver and vpnclient are often used as network daemons on servers, security issues need to be considered seriously.

Nictheboy, Feb 25 '24 06:02

sorry, somehow you've chosen the wrong route.

in this issue tracker we discuss SoftEtherVPN Developer Edition, which is versioned 5.x. 4.x is for SoftEtherVPN Stable Edition

while your concern totally makes sense, it should be addressed either to Debian packaging or SE Stable Edition itself.

if they guide you to this tracker, please ask them to point you in the right direction instead

chipitsine, Feb 25 '24 10:02

in this issue tracker we discuss SoftEtherVPN Developer Edition, which is versioned 5.x. 4.x is for SoftEtherVPN Stable Edition

@chipitsine, where can I find more information about SE editions? Where can we obtain a roadmap for coming versions? Will new features or fixes be back-ported from DE to SE? I admit I've dared building 5.x and discovered different resulting files.

HectorB-2020, Mar 17 '24 18:03

in this issue tracker we discuss SoftEtherVPN Developer Edition, which is versioned 5.x. 4.x is for SoftEtherVPN Stable Edition

@chipitsine, where can I find more information about SE editions? Where can we obtain a roadmap for coming versions? Will new features or fixes be back-ported from DE to SE? I admit I've dared building 5.x and discovered different resulting files.

www.vpnusers.com

officialh1, Mar 27 '24 12:03