
Background

PHP-5.2.12 with suhosin on FreeBSD-7.2-RELEASE amd64

The native threading library on FreeBSD 7.2, libthr, upsets suhosin when it is loaded as a shared library or pulled in by an extension such as mysql or mysqli. The result is a canary mismatch alert:

$ php --version
ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file 'unknown')
$

The solution is to pre-inject the library using LD_PRELOAD. A shell-script wrapper that sets LD_PRELOAD will not do, because a script cannot be used as the interpreter in a shebang line, so it would break every shebanged PHP script. Use a small C wrapper that patches the environment instead.

  • Compile the hack (envhack.c, listed below)
gcc -o envhack envhack.c
  • Rename PHP out of the way
mv /usr/local/bin/php /usr/local/bin/php-thr
  • Link envhack in. Hardlinks are best, symlinks may work as well.
ln -v ./envhack /usr/local/bin/php

And it should work!

$ php --version
PHP 5.2.12 with Suhosin-Patch 0.9.7 (cli) (built: Mar 13 2010 14:47:23)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
$

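#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>   /* execvp */

/* Library to pre-inject, and suffix of the renamed real binary */
const char * pre_lib = "/lib/libthr.so.3";
const char * bin_sfx = "-thr";

int main(int argc, char ** argv) {
  if (argc < 1 || argv[0] == NULL) {
    fprintf(stderr, "envhack: no argv[0]\n");
    return 1;
  }

  /* Compute new binary name: argv[0] plus the suffix (php -> php-thr) */
  size_t bin_len = strlen(argv[0]) + strlen(bin_sfx) + 1;
  char * new_bin = malloc(bin_len);
  if (new_bin == NULL) {
    perror("malloc");
    return 1;
  }
  snprintf(new_bin, bin_len, "%s%s", argv[0], bin_sfx);

  /* Patch environment: append the library to any inherited LD_PRELOAD */
  const char * old_pre = getenv("LD_PRELOAD");
  const char * new_pre = pre_lib;
  if (old_pre != NULL) {
    size_t pre_len = strlen(old_pre) + strlen(pre_lib) + 2;
    char * buf = malloc(pre_len);
    if (buf == NULL) {
      perror("malloc");
      return 1;
    }
    snprintf(buf, pre_len, "%s:%s", old_pre, pre_lib);
    new_pre = buf;
  }
  if (setenv("LD_PRELOAD", new_pre, 1) != 0) {
    perror("setenv");
    return 1;
  }

  /* Reexec the real binary; execvp only returns on failure */
  execvp(new_bin, argv);
  perror(new_bin);
  return 1;
}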
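
The wrapper above appends libthr to LD_PRELOAD on every run, so a PHP script that starts php again goes through it a second time and the entry is repeated; an LD_PRELOAD that is set but empty also yields a leading colon. The following is an added example, not part of the original page: preload_has and preload_merge are hypothetical helper names, and the sample values in main are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* FreeBSD's rtld splits LD_PRELOAD on colons and/or whitespace. */
#define SEP ": \t"

/* Return 1 if lib is already an entry of the preload list, else 0. */
int preload_has(const char *list, const char *lib) {
  size_t lib_len = strlen(lib);
  const char *p = list;
  while (*p) {
    size_t n = strcspn(p, SEP);            /* length of this entry */
    if (n == lib_len && strncmp(p, lib, n) == 0)
      return 1;
    p += n;
    p += strspn(p, SEP);                   /* skip separators */
  }
  return 0;
}

/* Build the LD_PRELOAD value the wrapper should export. old may be NULL
 * (unset) or empty. Returns a malloc'd string, or NULL if malloc fails. */
char *preload_merge(const char *old, const char *lib) {
  int empty = (old == NULL || old[strspn(old, SEP)] == '\0');
  int keep = !empty && preload_has(old, lib);
  size_t len = strlen(lib) + (empty ? 0 : strlen(old)) + 2;
  char *out = malloc(len);
  if (out == NULL)
    return NULL;
  if (empty)
    snprintf(out, len, "%s", lib);         /* nothing useful inherited */
  else if (keep)
    snprintf(out, len, "%s", old);         /* nested call: unchanged */
  else
    snprintf(out, len, "%s:%s", old, lib); /* append, as envhack.c does */
  return out;
}

int main(void) {
  /* Constructed sample values, not taken from the page. */
  const char *samples[] = { NULL, "", "/lib/libthr.so.3",
                            "/usr/local/lib/libfoo.so" };
  for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
    char *v = preload_merge(samples[i], "/lib/libthr.so.3");
    printf("%s -> %s\n", samples[i] ? samples[i] : "(unset)", v ? v : "(oom)");
    free(v);
  }
  return 0;
}
```

In the wrapper, the result of preload_merge(getenv("LD_PRELOAD"), pre_lib) would be passed to setenv in place of the hand-built string.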

FreeBSD paka.cyberleo.net 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #1: Fri Jul 31 07:52:14 EDT 2009     cyberleo@paka.cyberleo.net:/usr/obj/usr/srcs/RELENG_7_2/src/sys/PAKA  amd64

Installed packages

mysql-client-5.5.2  Multithreaded SQL database (client)
mysql-server-5.5.2  Multithreaded SQL database (server)
php5-5.2.12         PHP Scripting Language
php5-mysql-5.2.12   The mysql shared extension for php
php5-mysqli-5.2.12  The mysqli shared extension for php