Summary: | dev-lang/php on hardened - src_configure(): segmentation faults in conftest | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Agostino Sarubbo <ago> |
Component: | Current packages | Assignee: | PHP Bugs <php-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=518964 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | grsec.log |
Description
Agostino Sarubbo
2011-07-28 13:31:20 UTC
It would help if i.e. there was a note in config.log which test exactly did segfault. @ago, can you give us instructions on how to reproduce, in particular, the use flags. I've been using php-5.3.6 production since it first went stable no problem, so this failed test is probably minor and we could just patch the build system to skip the test. Or just flat out ignore it. [ebuild R ] dev-lang/php-5.3.6 USE="apache2 bcmath bzip2 cli crypt ctype curl exif fileinfo filter fpm ftp gd gmp hash iconv imap inifile intl ipv6 json ldap mysql mysqli pdo phar pic posix postgres session simplexml soap sockets sqlite3 ssl threads tokenizer truetype unicode xml xmlreader xmlrpc xmlwriter xsl zip zlib (-adabas) -berkdb (-birdstep) -calendar -cdb -cgi -cjk -curlwrappers -db2 (-dbmaker) -debug -doc -embed (-empress) (-empress-bcs) -enchant (-esoob) -firebird -flatfile (-frontbase) -gd-external -gdbm -interbase -iodbc -kerberos -kolab -ldap-sasl -libedit -mhash -mssql -mysqlnd -nls -oci8 -oci8-instant-client -odbc -pcntl -qdbm -readline -recode -sapdb -sharedext -sharedmem -snmp (-solid) -spell -sqlite (-sybase-ct) -sysvipc -tidy -wddx -xpm" 0 kB Other info? Can this be reproduced in later versions of PHP? (In reply to comment #4) > Can this be reproduced in later versions of PHP? yes @ago: is this still a problem with php-5.6.x? I've been building and running PHP and its tests on a hardened machine for a few days now -- some of them fail, but no segfaults. It may have been fixed in the meantime. If not I'll track it down and send a report upstream. This is what I get: [ 0.000000] conftest[2184]: segfault at 1 ip 000003c1f673ed7b sp 000003f7289646c0 error 4 in libc-client.so.1.0.0[3c1f66ff000+105000] [ 0.000000] conftest[4293]: segfault at 0 ip 0000000000400590 sp 000003bcaa63f030 error 4 in conftest[400000+1000] [ 0.000000] conftest[4316]: segfault at 0 ip 000002e7f7b1097a sp 000003b4c1347bc8 error 4 in libc-2.21.so[2e7f7a80000+191000] [ 0.000000] conftest[16339]: segfault at 1 ip 00000281b3a38d7b sp 000003d9b9fe1d40 error 4 in libc-client.so.1.0.0[281b39f9000+105000] [ 0.000000] grsec: From 5.90.230.241: Segmentation fault occurred at 0000000000000001 in /media/data/chroot/var/tmp/portage/dev-lang/php-5.6.14/work/sapis-build/cgi/conftest[conftest:16339] uid/euid:250/250 gid/egid:250/250, parent /media/data/chroot/var/tmp/portage/dev-lang/php-5.6.14/work/sapis-build/cgi/configure[configure:16338] uid/euid:250/250 gid/egid:250/250 [ 0.000000] grsec: From 5.90.230.241: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /media/data/chroot/var/tmp/portage/dev-lang/php-5.6.14/work/sapis-build/cgi/conftest[conftest:16339] uid/euid:250/250 gid/egid:250/250, parent /media/data/chroot/var/tmp/portage/dev-lang/php-5.6.14/work/sapis-build/cgi/configure[configure:16338] uid/euid:250/250 gid/egid:250/250 [ 0.000000] conftest[18258]: segfault at 0 ip 0000000000400590 sp 000003a68e159420 error 4 in conftest[400000+1000] [ 0.000000] conftest[18281]: segfault at 0 ip 000002f15079597a sp 000003f6354ab908 error 4 in libc-2.21.so[2f150705000+191000] [ 0.000000] conftest[31012]: segfault at 1 ip 000002da6dc76d7b sp 00000392cae59f00 error 4 in libc-client.so.1.0.0[2da6dc37000+105000] [ 0.000000] conftest[576]: segfault at 0 ip 0000000000400590 sp 000003e1f089b4e0 error 4 in conftest[400000+1000] [ 0.000000] conftest[605]: segfault at 0 ip 00000351ff6cd97a sp 000003d138610928 error 4 in libc-2.21.so[351ff63d000+191000] [ 0.000000] conftest[13435]: segfault at 1 ip 0000034314f16d7b sp 000003c189c03390 error 4 in libc-client.so.1.0.0[34314ed7000+105000] [ 0.000000] conftest[15336]: segfault at 0 ip 0000000000400590 sp 000003f06e4abc20 error 4 in conftest[400000+1000] [ 0.000000] conftest[15384]: segfault at 0 ip 000002923c62897a sp 000003bc61a6f7e8 error 4 in libc-2.21.so[2923c598000+191000] I'm removing @hardened from CC since I think this is unrelated. The crash happens in libc-client: [ 0.000000] conftest[2184]: segfault at 1 ip 000003c1f673ed7b sp 000003f7289646c0 error 4 in libc-client.so.1.0.0[3c1f66ff000+105000] which comes from net-libs/c-client. We have some other problems with c-client: * bug #456928 * bug #545086 I can think of a few next steps if you feel like troubleshooting. First, you could unset USE=imap and see if the ./configure succeeds. If it does, at least we'll know that c-client is in fact the problem. Next, you could try re-emerging c-client with LDFLAGS="-lcrypt". Maybe this is the same issue as in those two bugs? Are you using gold or another non-default linker? Or if that doesn't work, you could try to compile the conftest program yourself. They're little tiny programs, and you can find the source code in config.log. If you build c-client with debug symbols you should be able to get a decent traceback from the crash. If you switch back to vanilla GCC that might improve things, who knows. > I can think of a few next steps if you feel like troubleshooting. First, you > could unset USE=imap and see if the ./configure succeeds. I have the same failure without USE imap. > Next, you could try re-emerging c-client with LDFLAGS="-lcrypt". Maybe this > is the same issue as in those two bugs? Are you using gold or another > non-default linker? Re-emerged, same issue. I don't use different linker. Two of these segfaults I've fixed in bug #518964: https://github.com/php/php-src/pull/1626 The c-client one should be fixed in. https://github.com/php/php-src/pull/1627 Now we wait... This got merged upstream when I wasn't paying attention. |