CDNWiki
View Source:
KnowledgeBase/FreeBSD/envhack.c
!!! Note As of [lang/php52-5.2.17_2|http://www.freshports.org/lang/php52], an OPTIONS knob was added to link php52 directly with libthr; presumably to avoid this. !!! Background PHP-5.2.12 with suhosin on FreeBSD-7.2-RELEASE amd64 The native threading library on FreeBSD 7.2, libthr, annoys suhosin when it is loaded as a shared library, or by an extension such as mysql or mysqli. <verbatim> $ php --version ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file 'unknown') $ </verbatim> The solution is to pre-inject the library, using LD_PRELOAD. However, you cannot reference a script in a shebang line, so using a shellscript preload hack will break all the shebanged php scripts. So use a C env hack. * Compile this hack <verbatim> gcc -o envhack envhack.c </verbatim> * Rename PHP out of the way <verbatim> mv /usr/local/bin/php /usr/local/bin/php-thr </verbatim> * Link envhack in. Hardlinks are best, symlinks may work as well. <verbatim> ln -v ./envhack /usr/local/bin/php </verbatim> And it should work! <verbatim> $ php --version PHP 5.2.12 with Suhosin-Patch 0.9.7 (cli) (built: Mar 13 2010 14:47:23) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies $ </verbatim> ---- <code brush="c"> #include <stdlib.h> #include <stdio.h> #include <string.h> char * pre_lib = "/lib/libthr.so.3"; char * bin_sfx = "-thr"; int main(int argc, char ** argv) { /* Compute new binary name */ int bin_len = strlen(argv[0]) + strlen(bin_sfx) + 2; char * new_bin = malloc(bin_len); snprintf(new_bin, bin_len, "%s%s", argv[0], bin_sfx); /* Patch environment */ char * old_pre; char * new_pre; if (old_pre = getenv("LD_PRELOAD")) { int pre_len = strlen(pre_lib) + strlen(old_pre) + 2; new_pre = malloc(pre_len); snprintf(new_pre, pre_len, "%s:%s", old_pre, pre_lib); } else { new_pre = pre_lib; } setenv("LD_PRELOAD", new_pre, 1); /* Reexec */ if (0 > execvp(new_bin, argv)) { perror(new_bin); exit(1); } } </code> ---- <verbatim> FreeBSD paka.cyberleo.net 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #1: Fri Jul 31 07:52:14 EDT 2009 cyberleo@paka.cyberleo.net:/usr/obj/usr/srcs/RELENG_7_2/src/sys/PAKA amd64 </verbatim> Installed packages <verbatim> mysql-client-5.5.2 Multithreaded SQL database (client) mysql-server-5.5.2 Multithreaded SQL database (server) php5-5.2.12 PHP Scripting Language php5-mysql-5.2.12 The mysql shared extension for php php5-mysqli-5.2.12 The mysqli shared extension for php </verbatim>
