FS#48279 - [paxd] «denied RWX mmap» to php
Attached to Project:
Community Packages
Opened by Hermann Zahnweh (eigengrau) - Saturday, 20 February 2016, 22:37 GMT
Last edited by Daniel Micay (thestinger) - Monday, 12 December 2016, 05:27 GMT
Opened by Hermann Zahnweh (eigengrau) - Saturday, 20 February 2016, 22:37 GMT
Last edited by Daniel Micay (thestinger) - Monday, 12 December 2016, 05:27 GMT
|
Details
Description:
After upgrading the kernel to 4.4.2.201602182048-1, my journal gets flooded by «denied RWX mmap» messages. Feb 20 23:11:27 eigengrau kernel: grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/php[php:7742] uid/euid:33/33 gid/egid:33/33, parent /usr/bin/php[php:580] uid/euid:33/33 gid/egid:33/33 The respective process is stand-alone PHP application (the RSS updater daemon from community/tt-rss). I have not yet noticed any unexpected behavior after the mmap was denied. Can you advise whether this is a (non-)issue? Does PHP 7 require any new PaX exclusions? Additional info: * linux-grsec 4.4.2.201602182048-1 * php 7.0.3-1 * tt-rss 1:r7911-1 |
This task depends upon
Closed by Daniel Micay (thestinger)
Monday, 12 December 2016, 05:27 GMT
Reason for closing: Upstream
Additional comments about closing: These are going to be tracked upstream.
Monday, 12 December 2016, 05:27 GMT
Reason for closing: Upstream
Additional comments about closing: These are going to be tracked upstream.
Comment by
Daniel Micay (thestinger) -
Saturday, 05 March 2016, 12:34 GMT
Comment by
Hermann Zahnweh (eigengrau) -
Sunday, 06 March 2016, 14:48 GMT
After upgrading the kernel? It sounds like it was caused by
upgrading PHP. The error will go away with an MPROTECT exception
but the cause needs to be clear before I'll add it to paxd. I
don't think PHP has a JIT compiler yet.
The first time this appears in my logs is feb 18, after upgrading
linux-grsec from 4.3.5.201602092235-1 to 4.4.2.201602182048-1. No
PHP update was made in the transaction preceding these messages.
Though one possibility is that those errors just weren’t being
logged to the journal before that date.