ID: 34484 User updated by: Sjhutman at xs4all dot nl Reported By: Sjhutman at xs4all dot nl -Status: Bogus +Status: Closed Bug Type: MySQL related Operating System: HLFS PHP Version: 5.1.0RC1 New Comment:
And the option I suggested using is --with-pic (PIC, not PIE) That was a typo. Just be sure i've compiled php again. This doesn't change anything. But I've got it working. Your link was very usefull. I've disabled all the security options on httpd with paxctl. This allows the execution of text relocations. Thank you for your help. Previous Comments: ------------------------------------------------------------------------ [2005-09-14 19:43:38] [EMAIL PROTECTED] Read: http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#paxnoelf And the option I suggested using is --with-pic (PIC, not PIE) ------------------------------------------------------------------------ [2005-09-14 17:56:00] Sjhutman at xs4all dot nl - I don't see the exploit here.. It's not about the exploit. Apache fails to start when loading libphp5.so. That's the main problem. I need apache, mysql and php all to work together. As I said before if I use the switch --with-mysql=/xxx/xxx/ in the configure line, the problem of having TEXTREL in the library libphp5.so appears and if TEXTREL is in the libphp5.so library, apache won't start because ELF text relocations are disallowed (GrSecurity/PAX). Using the --with-pie in the configure line doesn't change a thing. Using MySQL 4.1.x or 5.x also doesn't change a thing. ------------------------------------------------------------------------ [2005-09-14 14:16:13] [EMAIL PROTECTED] I don't see the exploit here.. ------------------------------------------------------------------------ [2005-09-14 13:30:08] Sjhutman at xs4all dot nl With every switch in the configure line I get a clean build without having TEXTREL in the library libphp5.so. But if I use the switch --with-mysql=/xxx/xxx/ in the configure line, the problem of having TEXTREL in the library libphp5.so returns. Using the --with-pie in the configure line doesn't change a thing. Using MySQL 4.1.x of 5.x also doesn't change a thing. The link you provided was very interesting and convinced even more that TEXTREL is a "bad" thing. ------------------------------------------------------------------------ [2005-09-14 00:30:03] [EMAIL PROTECTED] With this configure line I get a "clean" build: # ./configure \ --disable-all \ --with-apxs2 \ --disable-cli \ --with-pic Also read this (with which I totally agree): http://advogato.org/person/wingo/diary.html?start=115 If you really want a secure system, unplug it from internet and don't allow anyone to use it even locally. Reopen when you have an exploit ready.. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34484 -- Edit this bug report at http://bugs.php.net/?id=34484&edit=1
