ID:               34484
 Updated by:       [EMAIL PROTECTED]
 Reported By:      Sjhutman at xs4all dot nl
-Status:           Open
+Status:           Bogus
 Bug Type:         MySQL related
 Operating System: HLFS
 PHP Version:      5.1.0RC1
 New Comment:

Read:
http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#paxnoelf

And the option I suggested using is --with-pic (PIC, not PIE)



Previous Comments:
------------------------------------------------------------------------

[2005-09-14 17:56:00] Sjhutman at xs4all dot nl

- I don't see the exploit here..

It's not about the exploit. Apache fails to start when loading
libphp5.so. That's the main problem. I need apache, mysql and php all
to work together. As I said before if I use the switch
--with-mysql=/xxx/xxx/ in the configure line, the problem of having
TEXTREL in the library libphp5.so appears and if TEXTREL is in the
libphp5.so library, apache won't start because ELF text relocations are
disallowed (GrSecurity/PAX). Using the --with-pie in the configure line
doesn't change a thing. Using MySQL 4.1.x or 5.x also doesn't change a
thing.

------------------------------------------------------------------------

[2005-09-14 14:16:13] [EMAIL PROTECTED]

I don't see the exploit here..


------------------------------------------------------------------------

[2005-09-14 13:30:08] Sjhutman at xs4all dot nl

With every switch in the configure line I get a clean build without
having TEXTREL in the library libphp5.so. But if I use the switch
--with-mysql=/xxx/xxx/ in the configure line, the problem of having
TEXTREL in the library libphp5.so returns. Using the --with-pie in the
configure line doesn't change a thing. Using MySQL 4.1.x or 5.x also
doesn't change a thing.

The link you provided was very interesting and convinced me even more
that TEXTREL is a "bad" thing.

------------------------------------------------------------------------

[2005-09-14 00:30:03] [EMAIL PROTECTED]

With this configure line I get a "clean" build:

# ./configure \
--disable-all \
--with-apxs2 \
--disable-cli \
--with-pic

Also read this (with which I totally agree):
  http://advogato.org/person/wingo/diary.html?start=115

If you really want a secure system, unplug it from the internet 
and don't allow anyone to use it even locally.
Reopen when you have an exploit ready..


------------------------------------------------------------------------

[2005-09-13 18:22:39] Sjhutman at xs4all dot nl

Adding --with-pic to the configure line didn't work. I already tried
that and I've given it a second try after your comment. It didn't work.
Libphp5.so still contains TEXTREL.

Output of readelf -d /usr/lib/apache/libphp5.so | grep TEXTREL

0x00000016 (TEXTREL)                    0x0

------------------------------------------------------------------------
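
Added example, not part of the bug report or of PHP's code: a stand-alone version of the `readelf -d ... | grep TEXTREL` check quoted above, which walks the PT_DYNAMIC segment and also reports the DF_TEXTREL bit in DT_FLAGS, something the grep on "TEXTREL" alone can miss. The names `has_textrel` and `sample_elf32` are hypothetical, and the ELF image is constructed for the example.

```python
import struct

PT_DYNAMIC, DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 2, 0, 22, 30, 0x4

def has_textrel(data: bytes) -> bool:
    """True if the dynamic section carries DT_TEXTREL (tag 0x16) or DF_TEXTREL."""
    if (len(data) < 52 or data[:4] != b"\x7fELF"
            or data[4] not in (1, 2) or data[5] not in (1, 2)):
        raise ValueError("not a supported ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little, 2 = big endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    dyn = struct.Struct(end + ("qQ" if is64 else "iI"))   # (d_tag, d_val)
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:
            ptype, _, off, _, _, size = struct.unpack_from(end + "IIQQQQ", data, base)
        else:
            ptype, off, _, _, size = struct.unpack_from(end + "IIIII", data, base)
        if ptype != PT_DYNAMIC:
            continue
        seg = data[off:off + size]
        for pos in range(0, len(seg) - dyn.size + 1, dyn.size):
            tag, val = dyn.unpack_from(seg, pos)
            if tag == DT_NULL:               # end of the dynamic array
                break
            if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                return True
    return False

def sample_elf32(tags):
    """Constructed minimal little-endian ELF32 image: header, one PT_DYNAMIC, tags."""
    dyn = b"".join(struct.pack("<iI", t, v) for t, v in tags + [(DT_NULL, 0)])
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 3, 3, 1,
                       0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_DYNAMIC, 84, 84, 84, len(dyn), len(dyn), 6, 4)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    print(has_textrel(sample_elf32([(DT_TEXTREL, 0)])))   # object with text relocations
    print(has_textrel(sample_elf32([(14, 0)])))           # only DT_SONAME present
```

To check a real library, pass the file's bytes, for example `has_textrel(open(path, "rb").read())`.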

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/34484

-- 
Edit this bug report at http://bugs.php.net/?id=34484&edit=1
