hi everyone, I've been using grsecurity patches in a production box since January. A couple of days ago, I had to reboot and found out that apache2 wouldn't start. It couldn't start the php module (4.3.11 compiled the day before). mod_php 4.3.10 was compiled in December 19 and worked fine even with grsecurity.
gw root # /etc/init.d/apache2 restart * Apache2 has detected a syntax error in your configuration files: Syntax error on line 6 of /usr/lib/apache2/conf/modules.d/70_mod_php.conf: Cannot load /usr/lib/apache2/extramodules/libphp4.so into server: /usr/lib/apache2/extramodules/libphp4.so: cannot make segment writable for relocation: Permission denied gw root # After some quick googling, I found this issue to be related to a PAX kernel option that I have enabled: (http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml?style=printable#paxnoelf) This apache2 mod_php module code may be killed by the kernel's PAX features, but what puzzles me is that the old one (4.3.10) worked fine in the same environment. The help text indicates that this could be result of misbehaving assembly code... in mod_php?? After that, I tried chpax -m /usr/sbin/apache2 /usr/lib/apache2/extramodules/libphp4.so and even further with chpax -pmrs to the same files. No luck. What can be going on here? I tried recompiling the mod_php module but of course, no luck. Any help?? I'd like to keep mprotect() restricted but with an exception for mod_php... is this possible? regards, pedro venda. p.s.: this is the second time I'm sending this, I didn't get it back and it didn't appear in the list archives. -- Pedro Jo�o Lopes Venda email: pjlv < at > mega.ist.utl.pt http://arrakis.dhis.org
pgpT0AejDV4dC.pgp
Description: PGP signature
