I have installed the dev-lang/php-5.1.1 with the cli enabled, but every run of php cli, it will be killed at the end of run. So, I can not run the pear cmd, thus I can not upgrade the PEAR-* package. Jan 6 15:38:39 [kernel] grsec: From 192.168.0.2: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/php5/bin/php[php:12418] uid/euid:0/0 gid/egid:0/0, parent bin/bash[bash:12415] uid/euid:0/0 gid/egid:0/0 here is the use flag: [ebuild R ] dev-lang/php-5.1.1 -adabas -apache +apache2 +bcmath +berkdb -birdstep +bzip2 +calendar -cdb -cgi +cjk +cli +crypt +ctype +curl +curlwrappers -db2 +dba +dbase -dbmaker -debug -discard-path -doc -empress -empress-bcs -esoob +exif -fastbuild -fdftk +filepro -firebird +flatfile -force-cgi-redirect -frontbase +ftp +gd -gd-external +gdbm +gmp -hardenedphp -hyperwave-api +iconv +imap -informix +inifile -interbase -iodbc +ipv6 -java-external +kerberos +ldap -libedit +mcve -memlimit +mhash +ming -msql -mssql +mysql +mysqli +ncurses +nls -oci8 (-oci8-instant-client) +odbc +pcntl +pcre +pdo -pdo-external +pear +pic +posix +postgres -qdbm +readline -recode -sapdb +sasl +session +sharedext -sharedmem +simplexml +snmp +soap +sockets -solid +spell +spl +sqlite +ssl -sybase -sybase-ct +sysvipc +threads +tidy +tokenizer +truetype -vm-goto -vm-switch +wddx +xml +xmlreader +xmlrpc +xpm +xsl -yaz +zip +zlib 0 kB here is the emerge info: server critical # emerge info Portage 2.0.53 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r2, 2.6.14-hardened-r3 i686) ================================================================= System uname: 2.6.14-hardened-r3 i686 Intel(R) Pentium(R) 4 CPU 2.00GHz Gentoo Base System version 1.6.13 dev-lang/python: 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.20 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe -DNDEBUG" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X1 1/xkb /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe -DNDEBUG" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://mirror.datapipe.net/pub/gentoo http://mirror.averse.net/p ub/gentoo" LC_ALL="en_US.UTF-8" MAKEOPTS="-j5" PKGDIR="/usr/portage//packages/x86/" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" SYNC="rsync://owl.gentoo.org/gentoo-portage" USE="X acl acpi alsa apache2 authdaemond bash-completion bcmath berkdb bluetooth bzip2 bzlib caps cjk crypt cscope ctype cups curl curlwrappers dlloader emacs-w 3 exif expat fam fortran gd gdbm gmp gnutls gpm guile hardened idn imap innodb i pv6 ithreads java javascript jpeg kerberos ldap libg++ lm_sensors logrotate mail dir mailwrapper mhash mime ming mmap mmx mng motif mysql mysqli ncurses nis nls nptl nptlonly odbc opengl pam pcmcia pcntl pcre pda pear perl php pic pie png pn p posix postgres profile python readline ruby samba sasl session sftplogging sha redext simplexml skey slang slp snmp soap sockets socks5 spell spl sqlite sse ss l svg symlink tcltk tcpd tetex threads tidy tiff truetype udev unicode usb vhost s x86 xml xml2 xmlrpc xpm xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Hardened has nothing (apparent) to do with the crash, grsecurity is just reporting system events, see: http://www.grsecurity.net/wiki/index.php/GrsecurityFAQ Feel free to re-assign if anything turns up showing a link between hardened and the cause of the event causing php to attempt to dump core.
Today, I found this: on my normal system(not using hardened toolchain), the php cli will segfault on it's exit with both php-5.1.1 and php-5.1.2(tested use overlay). So, Seems This is not a hardened problem, just php cli problem, seg fault on normal system, killed by hardened system.
(In reply to comment #2) > Today, I found this: on my normal system(not using hardened toolchain), the php > cli will segfault on it's exit with both php-5.1.1 and php-5.1.2(tested use > overlay). I definitely don't get any CLI segfaults with php-5.1.1 on either hardened or unhardened system. Recompile your toolchain and dev-lang/php without -DNDEBUG and similar unsupported cruft in your C[XX]FLAGS and reopen if the issue still persists then.
This makes no sense to me, I've rebuilt my php with CFLAGS="-march=nocona -O2 -pipe -fomit-frame-pointer", but it still killed by hardened system. So, if this is a problem of -DNDEBUG, why the apache2-sapi works really really fine? The whole system works perfect, only php-cli get seg fault? This both happend to my amd64 and x86, 3 server, plus 2 non-hardened desktop all the same, All built with -DNDEBUG, only >=php-5.1.1 get this problem.