[grsec] mprotect, libapreq2
pageexec at freemail.hu
pageexec at freemail.hu
Wed May 14 10:13:19 EDT 2008
On 14 May 2008 at 9:51, xyon wrote:
> > search the forum, solutions have been discussed many times. for a start,
> > execstack -c.
>
> Thank you for the tip. I scoured the forums and ran execstack -c on the
> offending libs which solved the exec stack error. I am now faced with the ELF
> text relocation error which, from what I can tell, requires a kernel
> recompile (without the ELF kernel option), or turning mprotect off for the
> httpd binary. Is there a third alternative? I don't think the performance
> enhancement of Apache2::Request being available to mod_perl (instead of the
> old CGI.pm) is worth the downgrade in security. Anyone have any opinions on
> this?
you should find out where the textrels are coming from and whether it's
easy to fix them. it's probably either the lack of -fPIC during compilation
(easy to fix) or non-PIC asm code (can be a lot of work).
More information about the grsecurity
mailing list