security - Add stack protection removal flags to apache compilation script
For study purposes I'd like to test buffer overflow exploits on an old 1.3.x version of the Apache webserver. Anyway, I have stack protection on, so it doesn't work, or at least I think it doesn't for this reason. In order to disable the protections I have to compile with these flags:
-fno-stack-protector -z execstack
But I don't know how to add them to the Apache compilation process. I never did this! Can you help me?
Try:
CFLAGS="-fno-stack-protector" LDFLAGS="-z execstack" ./configure [...]
CFLAGS is for the compiler; execstack is a linker option, so it should go in LDFLAGS. Or, if supported, you can have the compiler pass linker options with -Wl, so:
CFLAGS="-fno-stack-protector -Wl,-z,execstack" ./configure [...]
See the INSTALL file in the Apache source archive for more details.
It's useful to inspect or compare the generated top-level Makefile; you should see your parameters in either or both of EXTRA_CFLAGS, EXTRA_LDFLAGS.
Given the task you have, if you're running a Linux distribution that has a periodic pre-linking, ASLR task, you should check that the install path of Apache is not processed, otherwise your testing might be complicated when the Apache binary is "fixed" one night...
Check if prelink is installed with
dpkg -l prelink # Ubuntu/Debian derived
rpm -qv prelink # CentOS/Red Hat derived
and check the configuration (usually) in /etc/prelink.conf, and one of: /etc/defaults/prelink or /etc/sysconfig/prelink.
On Ubuntu (but not on CentOS/RH) the directories under /usr/local/ (bin, sbin, lib) are included in processing. If you install Apache to the default /usr/local/apache it should be untouched, or if you want to be thorough you can add the directory as a blacklist (-b) line in /etc/prelink.conf.