security - Add stack protection removal flags to apache compilation script -

-

for study purposes i'd test buffer overflow exploits on old 1.3.x version of apache webserver. anyway have stack protection on, doesn't work or @ least think doesn't reason. in order disable protections have compile these flags:

-fno-stack-protector -z execstack

but don't know how add them apache compilation process..i never did this! can me?

try:

cflags="-fno-stack-protector" ldflags="-z execstack" ./configure [...]

cflags compiler, execstack linker option, should go in ldflags. or, if supported can compiler pass linker options -with -wl, so:

cflags="-fno-stack-protector -wl,-z,execstack" ./configure [...]

see install file in apache source archive more details.

it's useful inspect or compare generated top-level makefile, should see parameters in either or both of extra_cflags , extra_ldflags.

given task have, if you're running linux distribution has periodic pre-linking , aslr task, should check install apache path not processed, otherwise testing might complicated when apache binary "fixed" 1 night...

check if prelink installed with

 dpkg -l prelink      # ubuntu/debian derived  rpm -qv prelink      # centos/red hat derived

and check configuration (usually) in /etc/prelink.conf , 1 of: /etc/defaults/prelink or /etc/sysconfig/prelink .

on ubuntu (but not on centos/rh) directories under /usr/local/ (bin, sbin, lib) are included processing. if install apache default /usr/local/apache should untouched, or if want thorough can add directory blacklist (-b) line /etc/prelink.conf


Comments

Post a Comment

Popular posts from this blog

ruby - Trying to change last to "x"s to 23 -

-
i have been playing around irb , have string looks this: irb(main):072:0> puts ["[\"4354 5432 5432 xxxxx\", \"6547 6547 8543 xxxxx\", \"2344 6543 6674 xxxxx\", \"2346 6236 7543 xxxxx\", \"1273 5585 5587 xxxxx\"]"] => nil irb(main):073:0> what want gsub last 2 "x" s of each 17 digit combination, 23 . what i've tried far (i've been using rubular): a.gsub(/\d[x]/,"23") <= grabs "x" s i'm close a.gsub(/\w[x{2}]/,"23") <= grabs "x" s grabs two digits each combination. is there easier way i'm not understanding? a.gsub(/\d{4} \d{4} \d{4} xxx\kxx/, '23') \d{4} = 4 digits what \k drop matched far. can use don't replace entire number, still able validate have in desired format.
Read more

jquery - Clone last and append item to closest class -

-
this bare-bones code on page: <div class="list-container"> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> </div> <p><button class="add-list-item">add</button></p> <div class="list-container"> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> </div> <p><button class="add-list-item">add</button></p> <di
Read more

c - Unrecognised emulation mode: elf_i386 on MinGW32 -

-
i'm trying make kernel, , cannot link c output assembly. ld . i'm getting error: unrecognized emulation mode: elf_i386 i'm using windows 10 professional mingw32 , msys. code using: link.ld /* * link.ld */ output_format(elf32-i386) entry(start) sections { . = 0x100000; .text : { *(.text) } .data : { *(.data) } .bss : { *(.bss) } } kernel.c /* * kernel.c */ void kmain(void) { const char *str = "my first kernel"; char *vidptr = (char*)0xb8000; //video mem begins here. unsigned int = 0; unsigned int j = 0; /* loops clears screen * there 25 lines each of 80 columns; each element takes 2 bytes */ while(j < 80 * 25 * 2) { /* blank character */ vidptr[j] = ' '; /* attribute-byte - light grey on black screen */ vidptr[j+1] = 0x07; j = j + 2; } j = 0; /* loop writes string video memory */ while(str[j] != '\0') { /
Read more