Whenever *any* php page is loaded in my apache-2.0.52-r1, I get messages in my syslog similar to this:

php security-alert: linked list canary was overwritten (attacker '127.0.0.1', file '/var/www/localhost/htdocs/test/foo.php')

Compiling without the hardenedphp use flag makes the problem go away. This looks very similar to bug #57166 so maybe this bug is also an upstream problem. Strange thing is this exact same version of mod_php used to work on my machine. See forum posting at http://forums.gentoo.org/viewtopic-p-2411572.html for more details.

Reproducible: Always

Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-gentoo-r6 i686)
=================================================================
System uname: 2.6.11-gentoo-r6 i686 Pentium III (Katmai)
Gentoo Base System version 1.4.16
Python: dev-lang/python-2.3.5 [2.3.5 (#1, Apr 29 2005, 19:42:38)]
dev-lang/python: 2.3.5
sys-apps/sandbox: [Not Present]
sys-devel/autoconf: 2.59-r6, 2.13
sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r7
sys-devel/libtool: 1.5.16
virtual/os-headers: 2.6.8.1-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -mcpu=pentium3 -march=pentium3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O2 -mcpu=pentium3 -march=pentium3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://mirrors.acm.cs.rpi.edu/gentoo/ http://mirror.datapipe.net/gentoo/ http://ftp.easynet.nl/mirror/gentoo/ http://gentoo.mirror.sdv.fr/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X aalib acl acpi alsa apache2 apm arts audiofile avi berkdb bindist bitmap-fonts caps crypt cups curl directfb doc dvd eds emacs emboss encode esd fam fbcon flac flash foomaticdb fortran gd gdbm ggi gif gmp gnome gpm gstreamer gtk gtk2 guile hardened hardenedphp imap imlib innodb ipv6 jack java jpeg junit kde kerberos ldap libg++ libwww mad mailwrapper mcal memlimit mikmod mmap mmx motif mozilla mp3 mpeg mysql nas ncurses nls nptl odbc ogg oggvorbis opengl oss pam pcre pdflib perl php pic pie png portaudio postgres python qt quicktime readline ruby samba sasl sdl slang slp speex spell sse ssl svga symlink tcltk tcpd tetex theora tiff truetype truetype-fonts type1-fonts unicode vhosts vorbis xine xml xml2 xmms xprint xv yaz zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Looks like another person had this problem, although it was with different versions of mod_php and the hardened-php patch: http://sourceforge.net/tracker/index.php?func=detail&aid=1111739&group_id=106971&atid=646223
Are you loading/using any shared extensions into your PHP that have not been built against Hardened PHP? For instance, if you have dev-php/turck-mmcache installed you have to re-emerge it after you emerged Hardened-PHP (with "USE=hardenedphp emerge mod_php", for example).
The only extension I have is the java.so that comes with mod_php (when the +java use flag is enabled). I tried commenting out that extension in php.ini but it still crashes with the same error every time.
Me too :) Not even hello.php works:

<html>
<body>
<?php echo "<h1>Hi, this is a php page</h1>"; ?>
</body>
</html>

Syslog-ng shows entries like:

tail /var/log/messages
May 15 17:27:00 cephas php security-alert: linked list canary was overwritten (attacker '192.168.7.57', file '/var/www/localhost/htdocs/phpldapadmin/index.php')

I am using hardened 2005.0 profile with pic, hardened and hardened-php USE flags.

-c
same here... found that error when trying to solve one that was related to mysql. I think I may have traced the problem as far as Zend/zend_llist.c but I do not have the time to look deep into the file. At a first glance it seems pretty straightforward code. Please note that I got to this file by taking a look at the hardened diff, the problem may actually happen elsewhere and only show up there... Have any of you tried to compile mod_php manually and got the same errors? If that is the case, this is most likely an upstream problem with the zend engine or the hardened patch.
Oops... I read the contents, but not the title... I think I should mention that I am seeing this on mod_php-5.0.4! Sorry
Please post the configure line (for instance from the output of phpinfo()) and the version of Apache you are using.
Today I upgraded my apache and this bug hit me too, but when upgrading apache I also added the threads use flag and recompiled php and mod_php. I removed that flag and recompiled apache, and the bug went away. Check if you have threads in your use flags and disable it; maybe it will help.
My Gentoo box is sick right now (hardware failure), so I can't report which version of Apache I am running nor can I tell you what the configure line is. Once I get my machine back up and running I'll post another comment. In the meantime, can anyone else report that information? Also, can anyone else verify that re-emerging net-www/apache with USE="-threads" makes the problem go away? Thanks!
Same error occurs with mod_php-4.4.0. The odd thing is, I was running 4.3.11 perfectly fine before this with the same flags.

----------------
sui apache2 # emerge -pv mod_php apache php

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild R ] dev-php/mod_php-4.4.0 +X +apache2 +berkdb +crypt +curl -debug -doc -fdftk -firebird +flash -freetds -gd -gd-external +gdbm -gmp +hardenedphp -imap -informix +ipv6 +java +jpeg -kerberos -ldap -mcal -memlimit -mssql +mysql +nls -oci8 -odbc +pam +png -postgres -snmp +spell +ssl +tiff +truetype +xml2 -yaz 0 kB
[ebuild R ] net-www/apache-2.0.54-r8 +berkdb -doc +gdbm +ipv6 -ldap (-selinux) +ssl -static +threads 0 kB
[ebuild R ] dev-php/php-4.4.0 +X +berkdb +crypt +curl -debug -doc -fdftk -firebird -flash -freetds -gd -gd-external +gdbm -gmp +hardenedphp -imap -informix +ipv6 +java +jpeg -kerberos -ldap -mcal -memlimit -mssql +mysql +ncurses +nls -oci8 -odbc +pam +png -postgres +readline -snmp +spell +ssl +tiff +truetype +xml2 -yaz 0 kB

sui apache2 # emerge --info
Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.3-20050110, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r1 i686)
=================================================================
System uname: 2.6.11-hardened-r1 i686 Pentium III (Coppermine)
Gentoo Base System version 1.6.12
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.10
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mtune=pentium3 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mtune=pentium3 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distcc distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://modzer0.cs.uaf.edu/public/gentoo/ http://gentoo.asgn.ca/"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X aalib acpi apache2 apm avi bash-completion berkdb bitmap-fonts cjk crypt cups curl emboss encode foomaticdb fortran gdbm gif gpm gtk gtk2 hardened imlib ipv6 java jpeg libcaca libg++ libwww mad mikmod mmx mng motif mozilla mp3 mpeg mysql ncurses nls nptl nptlonly oggvorbis opengl pam pdflib perl php png ppds python quicktime readline samba sdl slang spell sse sse2 ssl svga tcpd tetex tiff truetype truetype-fonts type1-fonts unicode usb xml2 xmms xprint xv zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Same with my 4.4.0:

Portage 2.0.51.22-r1 (hardened/x86/2.6, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r15 i686)
=================================================================
System uname: 2.6.11-hardened-r15 i686 Intel(R) XEON(TM) CPU 2.00GHz
Gentoo Base System version 1.6.12
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.10
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mcpu=pentium4 -pipe -fomit-frame-pointer -fforce-addr"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=pentium4 -pipe -fomit-frame-pointer -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 apache2 bcmath berkdb bzip2 bzlib clamav cracklib crypt ctype curl dio ethereal exif flash ftp gd gdbm gif hardened hardenedphp iconv icq ipv6 jabber java jpeg largeterminal ldap libclamav logrotate maildir mime mmap mmx mng msn mysql ncurses nls no-old-linux no-suexec nptl offensive oscar pam pcre pdf pdflib perl php pic png posix procmail python quotas readline rtc sasl shared sharedmem slang spamassassin spell sse sse2 ssl svg sysvipc tcpd tga threads tidy tiff truetype type1 uptimed vhosts vim vim-pager virus-scan xml xml2 yahoo zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

Useflags changed to -hardenedphp solved problem, but I am not happy with that. 4.3.11 was fine. IMO it should be changed to blocker.
same here for 4.4.0 this is a system that got just installed from scratch (following gentoo handbook) any information i can provide? i'm on a +hardened +hardenedphp system too. i have java but it's set to be allowed in pax and works w/o php. for logical reasons there is no way for me to give you the output of phpinfo() for mod_php. ;) and normal php (not mod_php) does execute the very same files (that mod_php refuses) fine. this starts to get critical, because my whole job depends on this... i already run WAMP because i had to do work... what a shame. :((

here is my emerge info:
-------------------------------------------------------------------------------
Portage 2.0.51.22-r1 (hardened/x86/2.6, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r15 i686)
=================================================================
System uname: 2.6.11-hardened-r15 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.6.12
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.10
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-tbird -fomit-frame-pointer -pipe -falign-functions=4"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-tbird -fomit-frame-pointer -pipe -falign-functions=4"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig candy distlocks sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://mir.zyrianes.net/gentoo/ http://www.gigaload.org/gentoo.org/"
LANG="de_DE.utf8"
LC_ALL="de_DE.utf8"
LINGUAS="de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="3dnow aalib acl acpi alsa apache2 audiofile bash-completion berkdb bluetooth bzlib chroot crypt cups curl curlwrappers dedicated dio directfb dlloader doc encode exif fbcon fftw flac flash flatfile foomaticdb ftp gd gdbm gif gpm gstreamer hardened hardenedphp imagemagick imap imlib innodb jack java jikes jpeg junit ladcca lcms libcaca libwww mad mime ming mmap mmx mng mp3 mysql mysqli ncurses nls nocd offensive ogg oggvorbis openal pam pcre pdflib perl php pic png portaudio posix ppds prelude python readline ruby samba sdl session shared sharedmem slang sndfile snmp soap sockets sox spell spl ssl svg tcpd threads tidy tiff tokenizer truetype unicode usb userlocales vhosts vorbis x86 xml2 xsl zlib fritzcapi_cards_fcpci linguas_de userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LDFLAGS, PORTDIR_OVERLAY
Navid (and others whose jobs depend on mod_php), May I recommend rebuilding mod_php (and php, if you use command-line PHP scripts) with -hardenedphp, adding the appropriate entry to /etc/portage/package.use for mod_php and this USE flag setting. Yes, it is not a fix, but a temporary workaround (nee kludge) until this is sorted out. I would advise that if you get pushback regarding PHP security, that you make sure to follow the various guides on the net to secure PHP, and that should help to stave off the most obvious and known current avenues of intrusion and exploit. Good luck!
I would still like to confirm if re-emerging apache with USE="-threads" fixes the problem. Has nobody tried this? I will as soon as I nurse my Gentoo box's hardware back to health, but it'd be cool if someone else could give it a shot and perhaps reveal a clue as to the specific interaction that breaks hardened php.
I just wanted to note that I upgraded to php 4.4 and I have no problems so far. It seems that at least for me threads use flags triggers this bug. My emerge info:

Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r15 i686)
=================================================================
System uname: 2.6.11-hardened-r15 i686 Celeron (Mendocino)
Gentoo Base System version 1.6.12
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.10
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -fstack-protector-all"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -fstack-protector-all"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="pl_PL"
LC_ALL="pl_PL"
LINGUAS="pl"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 acl alsa apache2 apm arts atm avi bash-completion berkdb bitmap-fonts chroot clamav crypt cups curl emboss encode erandom foomaticdb gd gdbm gif gnome gtk2 hardened hardenedphp imap imlib jpeg kde libg++ libwww logrotate mad memlimit mikmod mmx motif mp3 mpeg mysql ncurses nls nptl nptlonly oggvorbis opengl oss pam pam_chroot pdflib perl pic pie png postfix python quicktime readline sasl sdl skey snortsam spamassassin ssl symlink tcpd tiff truetype truetype-fonts type1-fonts underscores userlocales virus-scan xml2 xmms xv zlib linguas_pl userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LDFLAGS
For me (2.6.11-hardened-r15; Portage 2.0.51.22-r2; apache-2.0.54-r8; [mod_]php-4.4.0), re-emerging _BOTH_ php & mod_php with USE="-hardenedphp" worked. Note that I first tried re-emerging apache with USE="-threads" and _DID NOT_ work.
I just re-emerged both mod_php and php with the flag "-hardenedphp", and I still get the same error message. My emerge info:

Portage 2.0.51.22-r2 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.5-r0, 2.6.12-gentoo-r6 i686)
=================================================================
System uname: 2.6.12-gentoo-r6 i686 Pentium III (Coppermine)
Gentoo Base System version 1.6.13
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.11
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium3 -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ ftp://mirror.switch.ch/mirror/gentoo/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.ch.gentoo.org/gentoo-portage"
USE="x86 X509 acpi alsa apache2 apm arts avi bash-completion berkdb bitmap-fonts bzip2 caps cdparanoia cdr crypt cups dedicated dvd emacs emboss encode fastcgi foomaticdb fortran ftp gdbm gif gmp gnome gpm gtk gtk2 hal hardened ieee1394 imagemagick imap imlib innodb ipv6 java jpeg kde lcms ldap libcaca libg++ libwww mad maildir mbox mcal memlimit mhash mikmod mime ming mmx motif mp3 mpeg mysql ncurses nls nptl nptlonly ogg oggvorbis opengl oss pam pdflib perl php png python qt quicktime readline sasl sdl snmp spell ssl tcpd threads tiff truetype truetype-fonts type1-fonts unicode usb verbose vorbis xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
I have emerged apache with -threads, and now it works. After that, I re-emerged both mod_php and php with "hardenedphp" activated, and they still work. Conclusion: The "threads" flag of apache2 seems to be the culprit in some way.
I reemerged mod_php with -hardenedphp and it works again. apache is still using +threads.
Same thing here, first tried with USE="threads hardenedphp" and couldn't get it to work -- same error. Then removed the 'threads' and recompiled apache and now it works.
Hi, Also have this error/bug on a generally non-hardened machine with only "hardened-php" USE-flag. Using php/mod_php-4.4.0. This happens even with one-liners (testing.php - phpinfo). With "-hardened" apache2-2.0.54-r8 works OK. As I checked hardened-php site and saw there is a new version of the patch for all PHP-4.3.11,4.4.0 & 5.0.4 which is version 0.4.1 (the old is 0.3.2), I set up an overlay using this new version - same result, mod_php doesn't work. Haven't tried with "-threads" though. PS: my errors are as in comment #4 or similar. Thanks. Rumen
Hi, Please recompile Apache2 w/out USE=threads. We don't accept bug reports for problems with mod_php on a threaded Apache2. Best regards, Stu
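A check for the configuration this thread ends on (Apache built with USE=threads while mod_php is installed), added here as an example and not part of the bug report or of Portage. It assumes the installed-package database keeps each package's enabled USE flags in /var/db/pkg/<category>/<name>-<version>/USE; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the bug report or of Portage.
# Assumption: the installed-package database stores each package's enabled
# USE flags in <vdb>/<category>/<name>-<version>/USE (vdb = /var/db/pkg).
# Function names are hypothetical.

# has_flag VDB CATEGORY NAME FLAG
# True if any installed version of CATEGORY/NAME was built with FLAG.
has_flag() {
    hf_vdb=$1; hf_cat=$2; hf_name=$3; hf_flag=$4
    for hf_file in "$hf_vdb/$hf_cat/$hf_name"-[0-9]*/USE; do
        [ -f "$hf_file" ] || continue
        # One flag per line, then an exact fixed-string match, so that
        # "threads" does not match a flag such as "nothreads".
        if tr -s '[:space:]' '\n' < "$hf_file" | grep -qxF -- "$hf_flag"; then
            return 0
        fi
    done
    return 1
}

# check_threaded_mod_php [VDB]
# Return codes: 0 = mod_php installed, Apache not built with "threads"
#               1 = mod_php installed and Apache built with "threads"
#               2 = mod_php not installed, nothing to check
check_threaded_mod_php() {
    ct_vdb=${1:-/var/db/pkg}
    if ! ls -d "$ct_vdb"/dev-php/mod_php-[0-9]* >/dev/null 2>&1; then
        echo "mod_php is not installed"
        return 2
    fi
    if has_flag "$ct_vdb" net-www apache threads; then
        if has_flag "$ct_vdb" dev-php mod_php hardenedphp; then
            echo "apache USE=threads + mod_php USE=hardenedphp: the setup reported in this thread"
        else
            echo "apache USE=threads + mod_php: threaded Apache2, see the maintainer's reply"
        fi
        echo "rebuild net-www/apache with USE=-threads"
        return 1
    fi
    echo "apache is not built with USE=threads"
    return 0
}

# Usage on a live system:  check_threaded_mod_php
```

Run it before filing a "canary was overwritten" report: a return code of 1 means the alert is coming from a build the maintainer does not support, so the rebuild comes first.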