|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #72281 PaX MPROTECT breaks php
Submitted: 2016-05-28 08:11 UTC Modified: 2016-11-13 14:38 UTC
From: tk at giga dot or dot at Assigned: cmb (profile)
Status: Closed Package: PCRE related
PHP Version: 7.0.7 OS: NetBSD
Private report: No CVE-ID: None
 [2016-05-28 08:11 UTC] tk at giga dot or dot at
When compiling php-7.0.7 on NetBSD-7.99.29/amd64, the compilation fails because php dumps core.
The problem is that NetBSD on that release has PaX MPROTECT turned on by default (see, i.e. it does not allow mapping pages both writable and executable. However, this is needed by php.

The backtrace of the core dump has:
#1  0x00000000004d0d87 in _pcre_jit_exec ()
#2  0x00000000004a53f1 in php_pcre_exec ()

Since JIT and MPROTECT are at odds with each other, I suggest running "paxctl +m" on the binary, which (on NetBSD, see removes the MPROTECT restrictions for the php binary.

A workaround patch is attached.
It can not be used as is, since paxctl on *BSD and paxctl on Linux have different syntax.
I hope that someone can extend this to also work on Linux.

The patch is an example, but is tested and works on NetBSD.


Better_workaround_patch_for_NetBSD.diff (last revision 2016-06-12 16:44 UTC by tk at giga dot or dot at)
workaround_patch_for_NetBSD.diff (last revision 2016-05-28 08:12 UTC by tk at giga dot or dot at)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-11-09 20:32 UTC]
-Package: Compile Failure +Package: PCRE related
 [2016-11-09 20:32 UTC]
As I understand it, the compilation succeeds, but the problem is PCRE's
JIT support, so I'm changing the "package affected".

> Since JIT and MPROTECT are at odds with each other, I suggest running
> "paxctl +m" on the binary, […]

But what if PCRE is built as shared library? Would that also work in
this case?

Furthermore, according to Gentoo's Hardened/PaX Quickstart[1] it appears
that marking is not without issues. Perhaps we should simply document
the issue instead of trying to fix it?

[1] <>
 [2016-11-09 22:01 UTC] tk at giga dot or dot at
PCRE is built as a shared library here, so the paxctl does work in this case.

The paxctl is just a workaround, the real fix would be to address the PCRE bug
"PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction":

It is however better in the meantime than core dumps :)
 [2016-11-13 14:00 UTC]
-Assigned To: +Assigned To: cmb
 [2016-11-13 14:35 UTC]
Automatic comment from SVN on behalf of cmb
Log: Document W^X/PaX MPROTECT issues

Fix #72281: PaX MPROTECT breaks php
Fix #73114: php segfault probably because OpenBSD wx implementation
 [2016-11-13 14:38 UTC]
-Status: Assigned +Status: Closed -Type: Bug +Type: Documentation Problem
 [2016-11-13 14:38 UTC]
We have decided that this is not an issue that PHP should try to
solve, but rather to document the problem and possible solutions.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Oct 17 07:03:33 2021 UTC