Thank you for the question. What do you see in /var/log/messages? If the kernel does anything, it will always log it there.
If I had to guess, its probably that something on your system set PHP to smash your stack, and the kernel is preventing this (standard PHP installations do not have this problem, so I'm guessing it must be a source install of PHP, perhaps from cpanel). I've seen products like cpanel and splunk set php and openssl to be smashable which opens a massive hole in your system. Neither php nor openssl need to be configured in this manner to work correctly, so so why they do this is a mystery, its not necessary.
Check your logs for entries such as these:
Jun 8 09:14:16 system kernel: php[5963]: segfault at a801cecc ip a800809b sp bff43d70 error 7 in ld-2.5.so[a8001000+1b000]
Jun 8 09:14:11 system kernel: grsec: From 207.46.13.89: Segmentation fault occurred at a622eecc in /usr/bin/php[php:5952] uid/euid:590/590 gid/egid:590/590, parent /usr/local/apache/bin/httpd[httpd:5684] uid/euid:99/99 gid/egid:99/99
And then read this FAQ, which explains the simple process to remove this unnecessary hole on your system so you can run PHP securely.
https://www.atomicorp.com/wiki/index.ph ... _segfaultsUpdate: I just logged into your box (I hope you dont mind, but since I helped you last night I figured it might be faster to do this for you quickly), and indeed you do have the segfault errors explained in the FAQ above, so thats all it was, just a configuration setting for PHP:
Aug 13 11:48:08 host kernel: php[28273]: segfault at 7347c3c57da0 ip 00007347c3a419ec sp 00007fffec32ad20 error 7 in ld-2.5.so[7347c3a3b000+1c000]
Aug 13 11:48:08 host kernel: php[28275]: segfault at 62a51e1f9da0 ip 000062a51dfe39ec sp 00007fff012dfd20 error 7 in ld-2.5.so[62a51dfdd000+1c000]
Aug 13 11:48:08 host kernel: php[28276]: segfault at 649fe7a0cda0 ip 0000649fe77f69ec sp 00007fffb90bfd30 error 7 in ld-2.5.so[649fe77f0000+1c000]
So, all you just need to do is clear the wildly insecure smash-stack flags per the FAQ above, and you will be 100% good to go and secure.
Quote:
The technical support told me that this has lead to PHP Binaries corruption.
I think they may not know what they are talking about, thats just not even possible. I'm sorry to tell you this, but I think your technical support may not be as technical you might hope.
Maybe they dont understand what a segfault is? Anyway, thats all that was happening, your PHP binaries were fine, and they are fine now (although it looks like someone felt they needed to install them again, which was also not necessary).
# php -v
PHP 5.2.17 (cli) (built: Aug 14 2011 01:10:03)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
with the ionCube PHP Loader v4.0.9, Copyright (c) 2002-2011, by ionCube Ltd., and
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH
You just need to remove the stacksmash flags from the libraries explained in the FAQ above. Or use a package managed PHP and this will happen automatically. I believe you are using cpanel, so thats probably not possible as understand it cpanel compiled PHP from source (and its not even the latest PHP... why do they do this when they can just use the systems PHP which is newer?), so you'll have to clear the flags yourself. Again, its easy to do, and your system will be much more secure after you do it.
Anyway, I hope this helps, and if you can't sort out the libraries to secure let me know. Its actually pretty much a snap, you can usually find the includes in your php.ini file. I dont recall offhand where cpanel puts this, but a "locate php.ini" should find it for you.
Login
Register
FAQ
Search
