Summary: | >=dev-lang/php-5.5.4's stack smashing protection kills ODBC queries | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Michael Orlitzky <mjo> |
Component: | [OLD] Development | Assignee: | PHP Bugs <php-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Keywords: | UPSTREAM |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.php.net/bug.php?id=66311 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
PHP script to reproduce the problem
Sample odbc.ini configured for a local MySQL mysqldump of the php_ssp_test database |
Description
Michael Orlitzky
2013-11-12 17:10:05 UTC
Created attachment 363132 [details]
Sample odbc.ini configured for a local MySQL
Created attachment 363134 [details]
mysqldump of the php_ssp_test database
I should mention a workaround: if you recompile php without SSP, it will work. So for example, # gcc-config -l [1] x86_64-pc-linux-gnu-4.7.3 * [2] x86_64-pc-linux-gnu-4.7.3-hardenednopie [3] x86_64-pc-linux-gnu-4.7.3-hardenednopiessp [4] x86_64-pc-linux-gnu-4.7.3-hardenednossp [5] x86_64-pc-linux-gnu-4.7.3-vanilla # gcc-config 4 # source /etc/profile I'm updating my @system to gcc-4.7.3 to test this, stay tuned. Fix the smashing attack insstead of disable ssp Recompile glibc with use debug then you should get note what function it happens. just turn ssp of is a only a short way to hide the problem for the code error may be expliteble. The fix has been committed upstream and merged into the 5.4, 5.5, and 5.6 branches. Just waiting for a release now. Ok, the fix is in 5.5.8 in the tree. |