Bug #34484 mod_php 5/PaX/apache2 problem: apache2 refuses to load mod_php
Submitted: 2005-09-12 22:49 UTC Modified: 2005-09-14 23:03 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: Sjhutman at xs4all dot nl Assigned:
Status: Closed Package: MySQL related
PHP Version: 5.1.0RC1 OS: HLFS
Private report: No CVE-ID: None
 [2005-09-12 22:49 UTC] Sjhutman at xs4all dot nl
Description:
------------
Mod_php/PaX/apache2 problem: apache2 refuses to load mod_php when ELF relocations are prevented by PaX

Apache fails to start when loading libphp5.so. I get the following error: cannot make segment writable for relocation: Permission denied. 

I've traced the error back to the switch --with-mysql=/usr/local/mysql/. If I compile php without that switch I don't get the error.

The culprit of the error is TEXT RELOCATION. If I use the command: readelf -d /usr/lib/apache/libphp5.so | grep TEXTREL, I can see that TEXTREL is being used, which is causing the problems. I'm using the latest version of mysql (5.0.12).

Switches used to compile PHP:
./configure --prefix=/usr/local/php5 --with-apxs2=/usr/sbin/apxs --disable-cli --disable-cgi --disable-rpath --disable-short-tags --disable-ipv6 --disable-all --with-openssl --with-zlib --enable-mbstring=all --with-pcre-regex --enable-session --without-pear --with-mysql=/usr/local/mysql/


 [2005-09-13 15:39 UTC] sniper@php.net
If I understood this correctly, it's caused by the fact that we build non-PIC by default. So adding --with-pic to your configure line should "fix" this "bug".

 [2005-09-13 18:22 UTC] Sjhutman at xs4all dot nl
Adding --with-pic to the configure line didn't work. I already tried that and I've given it a second try after your comment. It didn't work. libphp5.so still contains TEXTREL.

Output of readelf -d /usr/lib/apache/libphp5.so | grep TEXTREL

0x00000016 (TEXTREL)                    0x0
 [2005-09-14 00:30 UTC] sniper@php.net
With this configure line I get a "clean" build:

# ./configure \
--disable-all \
--with-apxs2 \
--disable-cli \
--with-pic

Also read this (with which I totally agree):
  http://advogato.org/person/wingo/diary.html?start=115

If you really want a secure system, unplug it from internet 
and don't allow anyone to use it even locally.
Reopen when you have an exploit ready..

 [2005-09-14 13:30 UTC] Sjhutman at xs4all dot nl
With every switch in the configure line I get a clean build without having TEXTREL in the library libphp5.so. But if I use the switch --with-mysql=/xxx/xxx/ in the configure line, the problem of having TEXTREL in the library libphp5.so returns. Using the --with-pie in the configure line doesn't change a thing. Using MySQL 4.1.x or 5.x also doesn't change a thing.

The link you provided was very interesting and convinced me even more that TEXTREL is a "bad" thing.
 [2005-09-14 14:16 UTC] sniper@php.net
I don't see the exploit here..

 [2005-09-14 17:56 UTC] Sjhutman at xs4all dot nl
- I don't see the exploit here..

It's not about the exploit. Apache fails to start when loading libphp5.so. That's the main problem. I need apache, mysql and php all to work together. As I said before if I use the switch --with-mysql=/xxx/xxx/ in the configure line, the problem of having TEXTREL in the library libphp5.so appears and if TEXTREL is in the libphp5.so library, apache won't start because ELF text relocations are disallowed (GrSecurity/PAX). Using the --with-pie in the configure line doesn't change a thing. Using MySQL 4.1.x or 5.x also doesn't change a thing.
 [2005-09-14 19:43 UTC] sniper@php.net
Read:
http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#paxnoelf

And the option I suggested using is --with-pic (PIC, not PIE)

 [2005-09-14 23:03 UTC] Sjhutman at xs4all dot nl
And the option I suggested using is --with-pic (PIC, not PIE)

That was a typo. Just to be sure, I've compiled PHP again. This doesn't change anything. But I've got it working. Your link was very useful. I've disabled all the security options on httpd with paxctl. This allows the execution of text relocations.

Thank you for your help.
Last updated: Sun Jul 06 19:01:36 2025 UTC