php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74367 do not support stack cookies
Submitted: 2017-04-04 03:48 UTC Modified: 2017-05-04 15:13 UTC
From: r at ramon dot ph Assigned:
Status: Not a bug Package: mysqlnd_ms (PECL)
PHP Version: 5.6.30 OS: Amazon Linux AMI 2016.09
Private report: No CVE-ID: None
 [2017-04-04 03:48 UTC] r at ramon dot ph
Description:
------------
We are doing "Runtime Behavior Analysis" on our Amazon EC2 instance and one of the rules for it is "Software Without Stack Cookies". The analysis said:

The following executable files on instance i-9bb14a8d do not support stack cookies: /usr/lib64/php/5.6/modules/mysqlnd_ms.so.
This rule detects the presence of third-party software that is compiled without support for stack cookies. Stack cookies increase system security by defending against stack-based buffer overflow and other memory corruption attacks.

Is it possible to do this build option? Preferably via PECL and not a self-compile as it will be easier to maintain than us building and keeping track of its updates.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-04 05:42 UTC] stas@php.net
-Type: Security +Type: Bug
 [2017-04-04 05:43 UTC] stas@php.net
-Status: Open +Status: Not a bug
 [2017-04-04 05:43 UTC] stas@php.net
We do not distribute binaries for Linux, so I'd recommend to contact the distro that the file came from.
 [2017-05-03 18:57 UTC] jschwartz at emfluence dot com
I also got some recommendations like this, but with other PHP packages. Were you able to resolve the issue?
 [2017-05-04 15:13 UTC] r at ramon dot ph
No we weren't able to. We also tried contacting the authors but it seemed like they disappeared off the face of the earth around 2 years ago. No social media account updates no nothing.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 01:01:28 2024 UTC