Re: [PATCH] PIE support

2005-01-21 Thread Rüdiger Plüm 

Justin Erenkrantz wrote:
--On Friday, January 21, 2005 2:46 PM + Joe Orton 
<[EMAIL PROTECTED]> wrote:

Modern versions of GCC/binutils/... support flags which allow building
"Position Independent Executables".  This a Security Feature (TM) which
means that executables can be loaded at non-fixed locations, making it
harder to write some types of exploit.
...
Any objections for committing to the trunk?

I'm fine with it in trunk, but I'd be against a 2.0 backport...  -- justin
What is the reason against a backport?
As far as I know (Joe please correct me if I am wrong) it is already used
for the Apache 2.0.x delivered with Red Hat AS 3.0 Upgrade 3 (and maybe 
Fedora???).
So there is actually some test base for running Apache compiled with this 
option.
I was also able to compile my own Apache and run it successfully on Red Hat AS 
3.0
with this compiler option enabled.
As the patch does not seem to make --enable-pie a default and this option only 
works
on systems which have a supporting gcc installed I do not understand why it 
should
not be backported.
Regards
RÃdiger

Calling for LDAP testers

2005-01-21 Thread Graham Leggett 
Hi all,
The APR(-util) 1.1.x branch is now at RC1, and a number of LDAP build 
fixes for SSL/TLS uspport for Solaris v2.8 and v2.9 and Novell have been 
committed to the v1.1.x branch. The SSL support in the Microsoft LDAP 
SDK still needs to be tested, as well as on other unix platforms.

httpd trunk with the APR v1.1.x latest branch should compile and work 
with SSL/TLS and client certs (on condition the LDAP toolkit supports 
it), it would be useful to get some testing in before APR v1.1.0 goes final.

It would also be cool if people could give feedback on the LDAP 
documentation to see if it makes sense to anybody. Any takers?

Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [PATCH] PIE support

2005-01-21 Thread William A. Rowe, Jr. 
I'm wondering - we already have a pretty massive list of odds-n-ends
option flags...

does it make sense to;

  1. make this default for GCC builds?

  2. document how to use LDFLAGS/CFLAG to accomplish the same?

It seems the mechanism already exists and proliferating flags
gets a bit nutty.  If we accept 1. above, then a flag to disable
this feature seems sane.  If we don't, it seems that libtool would
be an even better place to teach "build PIE always" for those
concerned with the possible security benefits.

Bill

At 12:52 PM 1/21/2005, Justin Erenkrantz wrote:
>--On Friday, January 21, 2005 2:46 PM + Joe Orton <[EMAIL PROTECTED]> 
>wrote:
>
>>Modern versions of GCC/binutils/... support flags which allow building
>>"Position Independent Executables".  This a Security Feature (TM) which
>>means that executables can be loaded at non-fixed locations, making it
>>harder to write some types of exploit.
>...
>>Any objections for committing to the trunk?
>
>I'm fine with it in trunk, but I'd be against a 2.0 backport...  -- justin
>

Re: [PATCH] PIE support

2005-01-21 Thread Justin Erenkrantz 
--On Friday, January 21, 2005 2:46 PM + Joe Orton <[EMAIL PROTECTED]> 
wrote:

Modern versions of GCC/binutils/... support flags which allow building
"Position Independent Executables".  This a Security Feature (TM) which
means that executables can be loaded at non-fixed locations, making it
harder to write some types of exploit.
...
Any objections for committing to the trunk?
I'm fine with it in trunk, but I'd be against a 2.0 backport...  -- justin

[PATCH] PIE support

2005-01-21 Thread Joe Orton 
Modern versions of GCC/binutils/... support flags which allow building
"Position Independent Executables".  This a Security Feature (TM) which
means that executables can be loaded at non-fixed locations, making it
harder to write some types of exploit.

It's slightly awkward to build httpd like this, since the compiler flag
-fPIE must only be used when compiling an object which will not be
linked into a shared object i.e. libapr or any DSO.  Below is a patch
which threads the flags into the right places and adds a configure flag
"--enable-pie" to turn it all on.

(it's an optional feature since PIE binaries confuse some debuggers so
you don't necessarily want it on-by-default even if the toolchain
supports the flags)

Any objections for committing to the trunk?

Index: configure.in
===
--- configure.in(revision 125927)
+++ configure.in(working copy)
@@ -394,6 +394,29 @@
   APR_ADDTO(CPPFLAGS, -DAP_DEBUG)
 ])dnl
 
+dnl Conditionally enable PIE support for GNU toolchains.
+AC_ARG_ENABLE(pie,APACHE_HELP_STRING(--enable-pie,Build httpd as a Position 
Independent Executable))
+if test "$enable_pie" = "yes"; then
+   AC_CACHE_CHECK([whether $CC accepts PIE flags], [ap_cv_cc_pie], [
+ save_CFLAGS=$CFLAGS
+ save_LDFLAGS=$LDFLAGS
+ CFLAGS="$CFLAGS -fPIE"
+ LDFLAGS="$LDFLAGS -pie"
+ AC_TRY_RUN([static int foo[3]; int main () { return 0; }],
+  [ap_cv_cc_pie=yes], [ap_cv_cc_pie=no], [ap_cv_cc_pie=yes])
+ CFLAGS=$save_CFLAGS
+ LDFLAGS=$save_LDFLAGS
+   ])
+   if test "$ap_cv_cc_pie" = "yes"; then
+ PICFLAGS="-fPIE"
+ PILDFLAGS="-pie"
+   else
+ AC_ERROR([--enable-pie requested but $CC failed using PIE flags])
+   fi
+fi
+AC_SUBST(PICFLAGS)
+AC_SUBST(PILDFLAGS)
+
 prefix="$orig_prefix"
 APACHE_ENABLE_MODULES
 
Index: build/rules.mk.in
===
--- build/rules.mk.in   (revision 125927)
+++ build/rules.mk.in   (working copy)
@@ -31,18 +31,21 @@
 
 # Compile commands
 
-COMPILE  = $(CC)  $(ALL_CFLAGS) $(ALL_CPPFLAGS) $(ALL_INCLUDES)
-CXX_COMPILE  = $(CXX) $(ALL_CXXFLAGS) $(ALL_CPPFLAGS) $(ALL_INCLUDES)
+BASE_CC  = $(CC) $(ALL_CFLAGS) $(ALL_CPPFLAGS) $(ALL_INCLUDES)
+BASE_CXX = $(CXX) $(ALL_CXXFLAGS) $(ALL_CPPFLAGS) $(ALL_INCLUDES)
 
-SH_COMPILE = $(LIBTOOL) --mode=compile $(COMPILE) @SHLTCFLAGS@ -c $< && 
touch $@
-SH_CXX_COMPILE = $(LIBTOOL) --mode=compile $(CXX_COMPILE) @SHLTCFLAGS@ -c $< 
&& touch $@
+COMPILE  = $(BASE_CC) @PICFLAGS@
+CXX_COMPILE  = $(BASE_CXX) @PICFLAGS@
 
+SH_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CC) @SHLTCFLAGS@ -c $< && 
touch $@
+SH_CXX_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CXX) @SHLTCFLAGS@ -c $< && 
touch $@
+
 LT_COMPILE = $(LIBTOOL) --mode=compile $(COMPILE) @LTCFLAGS@ -c $< && 
touch $@
 LT_CXX_COMPILE = $(LIBTOOL) --mode=compile $(CXX_COMPILE) @LTCFLAGS@ -c $< && 
touch $@
 
 # Link-related commands
 
-LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) $(LT_LDFLAGS) 
$(ALL_LDFLAGS) -o $@
+LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) @PILDFLAGS@ 
$(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
 SH_LINK  = $(SH_LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) $(LT_LDFLAGS) 
$(ALL_LDFLAGS) $(SH_LDFLAGS) $(CORE_IMPLIB) $(SH_LIBS) -o $@
 MOD_LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) -static $(LT_LDFLAGS) 
$(ALL_LDFLAGS) -o $@