hi everyone,
I've been using grsecurity patches in a production box since January.
Today I had to reboot and found out that apache2 wouldn't start. Reason was
that it couldn't start the php module. The guilty php module comes from
mod_php 4.3.11 ebuild, compiled yesterday. mod_php 4.3.10 was compiled in
December 19.
gw root # /etc/init.d/apache2 restart
* Apache2 has detected a syntax error in your configuration files:
Syntax error on line 6 of /usr/lib/apache2/conf/modules.d/70_mod_php.conf:
Cannot load /usr/lib/apache2/extramodules/libphp4.so into
server: /usr/lib/apache2/extramodules/libphp4.so: cannot make segment
writable for relocation: Permission denied
gw root #
After some quick googling, I found this issue to be related to a PAX kernel
option that I have enabled:
(http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml?style=printable#paxnoelf)
This apache2 mod_php module code may be killed by the kernel's PAX features,
but what puzzles me is that the old one (4.3.10) worked fine in the same
environment. The help text indicates that this could be result of misbehaving
assembly code... in mod_php??
Does any one else has this kind of problems with mod_php? I'll try recompiling
mod_php... but I don't think it'll solve anything. I may have to cut down
this feature in the kernel.
regards,
pedro venda.
--
Pedro João Lopes Venda
email: pjlv < at > mega.ist.utl.pt
http://arrakis.dhis.org
I've been using grsecurity patches in a production box since January.
Today I had to reboot and found out that apache2 wouldn't start. Reason was
that it couldn't start the php module. The guilty php module comes from
mod_php 4.3.11 ebuild, compiled yesterday. mod_php 4.3.10 was compiled in
December 19.
gw root # /etc/init.d/apache2 restart
* Apache2 has detected a syntax error in your configuration files:
Syntax error on line 6 of /usr/lib/apache2/conf/modules.d/70_mod_php.conf:
Cannot load /usr/lib/apache2/extramodules/libphp4.so into
server: /usr/lib/apache2/extramodules/libphp4.so: cannot make segment
writable for relocation: Permission denied
gw root #
After some quick googling, I found this issue to be related to a PAX kernel
option that I have enabled:
(http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml?style=printable#paxnoelf)
This apache2 mod_php module code may be killed by the kernel's PAX features,
but what puzzles me is that the old one (4.3.10) worked fine in the same
environment. The help text indicates that this could be result of misbehaving
assembly code... in mod_php??
Does any one else has this kind of problems with mod_php? I'll try recompiling
mod_php... but I don't think it'll solve anything. I may have to cut down
this feature in the kernel.
regards,
pedro venda.
--
Pedro João Lopes Venda
email: pjlv < at > mega.ist.utl.pt
http://arrakis.dhis.org