I have upgraded my kernel to linux-2.6.32-hardened-r9 and copied my .config from 2.6.28-r9 to the new kernel, and php-5.2.13 can't start: segfault error.

Reproducible: Always

Steps to Reproduce:
1. Use linux-2.6.32-hardened-r9
2. Use security level="server no rbac" in kernel
3. start php-5.2.13

Actual Results: segmentation fault

Security level can be Low, Medium, High, etc.

My PHP USE="apache2 bcmath bzip2 cli crypt ctype curl filter gd gdbm hash iconv imap mysql mysqli ncurses nls pcre pic readline reflection session simplexml sockets spell spl ssl threads truetype unicode wddx xml xsl zip zlib"

Installed Zend Optimizer

I see you have threads in USE flags?

Zend Optimizer ... Supported PHP versions (For use with non-threaded PHP only) 4.2.x up to 4.4.x (4.3.x and higher for Mac OS X) 5.0.x, 5.1.x, 5.2.x

Else a symbolic stack trace would be helpful. I don't think this is a kernel related bug, but probably a new or changed grsec feature exposing a bug in zend. What does dmesg have about it?

Can you please post your emerge --info, dmesg and a stack trace? It's not clear that this is a hardened issue, kernel or toolchain related. Many have been using php in a hardened environment without problem. I need to reproduce the problem to see if I can narrow it down.

I have recompiled PHP and apache without threads. I have installed the latest zend optimizer (3.3.9-r1). But the error still appears. Here is what is in my logs:

Jul 18 02:50:01 home kernel: grsec: Segmentation fault occurred at 98746ed0 in /usr/lib/php5/bin/php[php:7054] uid/euid:1009/1009 gid/egid:81/81, parent /bin/bash[bash:7051] uid/euid:1009/1009 gid/egid:81/81
Jul 18 02:50:01 home kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/php5/bin/php[php:7054] uid/euid:1009/1009 gid/egid:81/81, parent /bin/bash[bash:7051] uid/euid:1009/1009 gid/egid:81/81
Jul 18 02:50:21 home kernel: apache2[7147]: segfault at a40f6ed0 ip a40e0748 sp b976eb04 error 7 in ld-2.11.2.so[a40d9000+1d000]
Jul 18 02:50:21 home kernel: grsec: From 89.232.105.12: Segmentation fault occurred at a40f6ed0 in /usr/sbin/apache2[apache2:7147] uid/euid:0/0 gid/egid:0/0, parent /sbin/runscript.sh[runscript.sh:7146] uid/euid:0/0 gid/egid:0/0
Jul 18 02:50:21 home kernel: grsec: From 89.232.105.12: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/apache2[apache2:7147] uid/euid:0/0 gid/egid:0/0, parent /sbin/runscript.sh[runscript.sh:7146] uid/euid:0/0 gid/egid:0/0
Jul 18 02:50:21 home kernel: apache2[7149]: segfault at af880ed0 ip af86a748 sp bd3ff814 error 7 in ld-2.11.2.so[af863000+1d000]
Jul 18 02:50:21 prium kernel: grsec: From 89.232.105.12: Segmentation fault occurred at af880ed0 in /usr/sbin/apache2[apache2:7149] uid/euid:0/0 gid/egid:0/0, parent /sbin/runscript.sh[runscript.sh:7146] uid/euid:0/0 gid/egid:0/0
Jul 18 02:50:21 prium kernel: grsec: From 89.232.105.12: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/apache2[apache2:7149] uid/euid:0/0 gid/egid:0/0, parent /sbin/runscript.sh[runscript.sh:7146] uid/euid:0/0 gid/egid:0/0

The emerge command generates a segfault error under the hardened kernel too :( If I turn off any security level in the kernel, then everything works fine.

Portage 2.1.8.3 (hardened/linux/x86/10.0/server, gcc-4.3.4-hardenednopie, glibc-2.11.2-r0, 2.6.32-hardened-r9 i686)
=================================================================
System uname: Linux-2.6.32-hardened-r9-i686-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-1.12.13
Timestamp of tree: Sat, 17 Jul 2010 15:30:01 +0000
app-shells/bash: 4.0_p37
dev-lang/python: 2.6.4-r1, 3.1.2-r3
sys-apps/baselayout: 1.12.13
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.65
sys-devel/automake: 1.9.6-r2, 1.10.3, 1.11.1
sys-devel/binutils: 2.20.1-r1
sys-devel/gcc: 4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6b
virtual/os-headers: 2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=core2 -msse4 -msse4.1 -msse4.2 -mcx16 -msahf -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=core2 -msse4 -msse4.1 -msse4.2 -mcx16 -msahf -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests autoconfig ccache distlocks fixpackages metadata-transfer news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="ru_RU.UTF-8"
LC_ALL=""
LDFLAGS="-Wl,-O1"
LINGUAS="ru"
MAKEOPTS="-j9"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/layman/webapps-experimental /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="7zip acl acpi apache apache2 apm async automount bcmath bzip2 cdr cli cracklib crypt ctype curl cxx dbus dkim dovecot-sasl dynamicplugin examples fbcon filter gd gdbm gif gpm hardened hash headless iconv icq imap imlib jabber javascript jpeg libwww lm_sensors logitech-mouse logrotate maildir managesieve milter mmx mmxext modules mouse mudflap mysql mysqli nagios-dns nagios-ping nagios-ssh ncurses nfs nls no-seamonkey nptl nptlonly oav openmp pam pcre perl perlsuid pic png pop3d pppd python razor readline reflection sdk sdl session sieve simplexml slang sockets spamassassin spell spl sse sse2 sse3 ssl ssse3 sysfs syslog tcpd threads truetype truetype-fonts udev unicode urandom usb utempter valias vboxwebsrv vhosts vim-syntax wddx x86 xml xsl zip zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc"
INPUT_DEVICES="keyboard mouse"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="ru"
RUBY_TARGETS="ruby18"
USERLAND="GNU"
VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware voodoo"
XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

I turned off any security level but enabled PaX by hand; the error still appears. This is the tail of `strace emerge --info`:

open("/usr/lib/python2.6/lib-dynload/_ssl.so", O_RDONLY) = 7
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@%\0\0004\0\0\0"..., 512) = 512
fstat64(7, {st_mode=S_IFREG|0755, st_size=27932, ...}) = 0
mmap2(NULL, 30972, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 7, 0) = 0x9dd71000
mmap2(0x9dd77000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 7, 0x5) = 0x9dd77000
close(7) = 0
open("/etc/ld.so.cache", O_RDONLY) = 7
fstat64(7, {st_mode=S_IFREG|0644, st_size=26711, ...}) = 0
mmap2(NULL, 26711, PROT_READ, MAP_PRIVATE, 7, 0) = 0x9ddbe000
close(7) = 0
open("/usr/lib/libssl.so.0.9.8", O_RDONLY) = 7
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\311\0\0004\0\0\0"..., 512) = 512
fstat64(7, {st_mode=S_IFREG|0555, st_size=325445, ...}) = 0
mmap2(NULL, 288056, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 7, 0) = 0x9dd2a000
mmap2(0x9dd6d000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 7, 0x43) = 0x9dd6d000
close(7) = 0
open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 7
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\331\3\0004\0\0\0"..., 512) = 512
fstat64(7, {st_mode=S_IFREG|0555, st_size=1579124, ...}) = 0
mmap2(NULL, 1387960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 7, 0) = 0x9dbd7000
mmap2(0x9dd11000, 90112, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 7, 0x139) = 0x9dd11000
mmap2(0x9dd27000, 11704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x9dd27000
mprotect(0x9e568000, 3796, PROT_READ|PROT_WRITE) = -1 EACCES (Permission denied)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault

*** This bug has been marked as a duplicate of bug 264856 ***