1 |
hi everyone, |
2 |
|
3 |
sorry to insist on this matter but I can't find help anywhere else and people |
4 |
seem quite helpful here. |
5 |
|
6 |
I'm having problems with apache2+mod_php in an hardened environment. I'm |
7 |
restricting mprotect() and disallowing ELF relocations. of course mysql |
8 |
didn't start and apache2 didn't load the php module. |
9 |
|
10 |
mysql's problem was quickly fixed with a paxctl -m on 2 binaries. |
11 |
|
12 |
mod_php's problem still lies unfixable. paxctl -m on libphp4.so doesn't fix |
13 |
the problem and none of the libraries upon which libphp4.so depends on needs |
14 |
to relocate ELF segments. (individually checked with scanelf -a). |
15 |
|
16 |
apache2 refuses to start with the following error message: |
17 |
gw root # /etc/init.d/apache2 restart |
18 |
* Apache2 has detected a syntax error in your configuration files: |
19 |
Syntax error on line 6 of /usr/lib/apache2/conf/modules.d/70_mod_php.conf: |
20 |
Cannot load /usr/lib/apache2/extramodules/libphp4.so into |
21 |
server: /usr/lib/apache2/extramodules/libphp4.so: cannot make segment |
22 |
writable for relocation: Permission denied |
23 |
gw root # |
24 |
|
25 |
Since I'm running gentoo linux and there's an interesting hardenedphp flag |
26 |
affecting the mod_php ebuild, I decided to try it out, but with no luck. |
27 |
|
28 |
Where should I carry on debugging and what could be the problem here, since it |
29 |
doesn't seem to be libphp4.so? |
30 |
|
31 |
regards, |
32 |
pedro venda. |
33 |
-- |
34 |
|
35 |
Pedro João Lopes Venda |
36 |
email: pjvenda < at > arrakis.dhis.org |
37 |
http://arrakis.dhis.org |