Differences between version 5 and predecessor to the previous major change of KnowledgeBase/FreeBSD/envhack.c.
Other diffs: Previous Revision, Previous Author
Newer page: | version 5 | Last edited on Sunday, 11 September 2011 6:40:25 | by CyberLeo | Revert |
Older page: | version 4 | Last edited on Saturday, 11 September 2010 2:18:01 | by CyberLeo | Revert |
@@ -1,4 +1,8 @@
+!!! Note
+
+As of [lang/php52-5.2.17_2|http://www.freshports.org/lang/php52], an OPTIONS knob was added to link php52 directly with libthr; presumably to avoid this.
+
!!! Background
PHP-5.2.12 with suhosin on FreeBSD-7.2-RELEASE amd64
version 5
Note
As of lang/php52-5.2.17_2, an OPTIONS knob was added to link php52 directly with libthr; presumably to avoid this.
Background
PHP-5.2.12 with suhosin on FreeBSD-7.2-RELEASE amd64
The native threading library on FreeBSD 7.2, libthr, annoys suhosin when it is loaded as a shared library, or by an extension such as mysql or mysqli.
$ php --version ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file 'unknown') $
The solution is to pre-inject the library, using LD_PRELOAD. However, you cannot reference a script in a shebang line, so using a shellscript preload hack will break all the shebanged php scripts. So use a C env hack.
- Compile this hack
gcc -o envhack envhack.c
- Rename PHP out of the way
mv /usr/local/bin/php /usr/local/bin/php-thr
- Link envhack in. Hardlinks are best, symlinks may work as well.
ln -v ./envhack /usr/local/bin/php
And it should work!
$ php --version PHP 5.2.12 with Suhosin-Patch 0.9.7 (cli) (built: Mar 13 2010 14:47:23) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies $
#include <stdlib.h> #include <stdio.h> #include <string.h> char * pre_lib = "/lib/libthr.so.3"; char * bin_sfx = "-thr"; int main(int argc, char ** argv) { /* Compute new binary name */ int bin_len = strlen(argv[0]) + strlen(bin_sfx) + 2; char * new_bin = malloc(bin_len); snprintf(new_bin, bin_len, "%s%s", argv[0], bin_sfx); /* Patch environment */ char * old_pre; char * new_pre; if (old_pre = getenv("LD_PRELOAD")) { int pre_len = strlen(pre_lib) + strlen(old_pre) + 2; new_pre = malloc(pre_len); snprintf(new_pre, pre_len, "%s:%s", old_pre, pre_lib); } else { new_pre = pre_lib; } setenv("LD_PRELOAD", new_pre, 1); /* Reexec */ if (0 > execvp(new_bin, argv)) { perror(new_bin); exit(1); } }
FreeBSD paka.cyberleo.net 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #1: Fri Jul 31 07:52:14 EDT 2009 cyberleo@paka.cyberleo.net:/usr/obj/usr/srcs/RELENG_7_2/src/sys/PAKA amd64
Installed packages
mysql-client-5.5.2 Multithreaded SQL database (client) mysql-server-5.5.2 Multithreaded SQL database (server) php5-5.2.12 PHP Scripting Language php5-mysql-5.2.12 The mysql shared extension for php php5-mysqli-5.2.12 The mysqli shared extension for php