| 1 |
hi everyone, |
| 2 |
|
| 3 |
sorry to insist on this matter but I can't find help anywhere else and people |
| 4 |
seem quite helpful here. |
| 5 |
|
| 6 |
I'm having problems with apache2+mod_php in an hardened environment. I'm |
| 7 |
restricting mprotect() and disallowing ELF relocations. of course mysql |
| 8 |
didn't start and apache2 didn't load the php module. |
| 9 |
|
| 10 |
mysql's problem was quickly fixed with a paxctl -m on 2 binaries. |
| 11 |
|
| 12 |
mod_php's problem still lies unfixable. paxctl -m on libphp4.so doesn't fix |
| 13 |
the problem and none of the libraries upon which libphp4.so depends on needs |
| 14 |
to relocate ELF segments. (individually checked with scanelf -a). |
| 15 |
|
| 16 |
apache2 refuses to start with the following error message: |
| 17 |
gw root # /etc/init.d/apache2 restart |
| 18 |
* Apache2 has detected a syntax error in your configuration files: |
| 19 |
Syntax error on line 6 of /usr/lib/apache2/conf/modules.d/70_mod_php.conf: |
| 20 |
Cannot load /usr/lib/apache2/extramodules/libphp4.so into |
| 21 |
server: /usr/lib/apache2/extramodules/libphp4.so: cannot make segment |
| 22 |
writable for relocation: Permission denied |
| 23 |
gw root # |
| 24 |
|
| 25 |
Since I'm running gentoo linux and there's an interesting hardenedphp flag |
| 26 |
affecting the mod_php ebuild, I decided to try it out, but with no luck. |
| 27 |
|
| 28 |
Where should I carry on debugging and what could be the problem here, since it |
| 29 |
doesn't seem to be libphp4.so? |
| 30 |
|
| 31 |
regards, |
| 32 |
pedro venda. |
| 33 |
-- |
| 34 |
|
| 35 |
Pedro João Lopes Venda |
| 36 |
email: pjvenda < at > arrakis.dhis.org |
| 37 |
http://arrakis.dhis.org |
Archives