To keep up on my security I updated apache from 2.0.47 to 2.0.48 today because of the GLSA that went out. After updating and changing some of config files over apache is failing to start. When I run /etc/init.d/apache2 start I get: * Starting apache2... /sbin/runscript.sh: line 526: 31027 Aborted env -i PATH=$PATH /sbin/start-stop-daemon --quiet --start --startas /usr/sbin/apache2 --pidfile /var/run/apache2.pid -- -k start ${APACHE2_OPTS} [ !! ] I've also tried to run apache2ctl on its own but it is also failing so I don't know where the problem lies. Running '/usr/sbin/apache2ctl start' gives me: /usr/sbin/apache2ctl: line 88: 31041 Aborted $HTTPD -k $ARGV
That's not enough information. What does your syslog tell you. What does the Apache error_log say. Do you compile with -fstack-protector? What options are enabled in /etc/conf.d/apache2?
I've tried it without the -fstack-protector also. It doesnt get far enought along to write to the log files for apache and nothing is written to the syslogger.
I found the problem. I'm using hardened-gcc. It seems that apache2 has some isses with the hardened-gcc package, but it works fine with the -fstack-protector flag.
you mean _without_ -fstack-protector right?
Nope, suprisingly I still have the -fstack-ptrtector flag in the make.conf and apache build correctly and worked. For some reason it didn't work with the hardened-gcc packages. Which is weird because propolice is part of hardened-gcc, so it must be one of the other parts of hardened-gcc that apache doesn't play nice with.
Well, if I build 2.0.48 with -fstack-protector here, my server will fail to load libphp.so and crash with this in the syslog: [apache2] stack overflow in function load_module If I build without -fstack-protector, it doesnt crash. Not sure what to do about this at the moment... bummer!
I have the same problem as described below. I am not using hardened-gcc. I have tried it with both apache1 and apache2 with identical results. I get the same result with Apache1 (after emerge unmerge apache2). PHP4.3.3. strace shows it loading the module and then doing a bunch of java-related things. Then it does something with /dev/log (I'm not in front of the system at the moment -- will post more specifics shortly) and then dies. Obviously, not turning on -D PHP4 (not loading the module) allows apache to start. I haven't tried it with any other modules as yet.
Ooops. I did have hardened gcc installed -- it was apparently in the stage3 image I started from and I didn't realize it. Once I unmerge'd it, everything built and worked fine.
thnks for this bug try to emerge glibc with the guard@@glibc changes, then reemerge gcc with this change: http://dev.gentoo.org/~pappy/gentoo-x86/sys-devel/gcc/gcc-3.2.3-r2.ebuild.diff do not forget to fetch the file from the dir and move it to the appropriate filesdir to get the patch going then emerge hardened-gcc, check for hcc.conf and hcc -a to be good then reemerge apache and mod_php btw: try starting apache2 without -D PHP4, this works, with -D PHP4 and full propolice compiled it does not work and tells about stack smash handling. why does it work without hardened-gcc and only CFLAGS then? simply put: because the ebuilds or makefiles throw away the stack protection CFLAGS. thanks again for giving the example with the problems described. *** This bug has been marked as a duplicate of 25299 ***
