php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74581 PaX killed execution attempt in PHP cli during build
Submitted: 2017-05-12 11:58 UTC Modified: 2017-07-15 23:31 UTC
From: michael at orlitzky dot com Assigned:
Status: Closed Package: Compile Failure
PHP Version: 7.1.5 OS: Gentoo Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: michael at orlitzky dot com
New email:
PHP Version: OS:

 

 [2017-05-12 11:58 UTC] michael at orlitzky dot com
Description:
------------
This issue affects both 7.0.19 and 7.1.5, and is new to both of those versions as far as I can tell. On a system with PaX enabled, I get the following build error:

  Generating phar.php
  Generating phar.phar
  PEAR package PHP_Archive not installed: generated phar will require PHP's 
  phar extension be enabled.
  make: *** [Makefile:359: ext/phar/phar.phar] Killed

Notice the "Killed" there at the end. That comes from the "php" CLI binary, as dmesg shows:

  [Thu May 11 20:59:17 2017] PAX: execution attempt in: <anonymous mapping>, 
  38cf40bc000-38cf40cc000 38cf40bc000

  [Thu May 11 20:59:17 2017] PAX: terminating task: /var/tmp/portage/dev-lang
  /php-7.1.5/work/sapis-build/cli/sapi/cli/php(php):7930, uid/euid: 250/250, 
  PC: 0000038cf40bc010, SP: 000003fa7ab2a118

I'm not sure that this is a PHP bug, but it's new in v7.0.19 and v7.1.5, so it's suspicious. To reproduce it, all one has to do is try to build PHP on a hardened Gentoo system (which are fairly common).

As a workaround, we could pax-mark the "php" binary, but that nullifies a strong security measure.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-07-15 23:31 UTC] michael at orlitzky dot com
-Status: Open +Status: Closed
 [2017-07-15 23:31 UTC] michael at orlitzky dot com
I'm not seeing this any more, so the problem was probably inside of me.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 22:01:26 2024 UTC