Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:96874
Return-Path: <cmbecker69@gmx.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 93642 invoked from network); 13 Nov 2016 14:00:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 13 Nov 2016 14:00:08 -0000
Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.17.21 as permitted sender)
X-PHP-List-Original-Sender: cmbecker69@gmx.de
X-Host-Fingerprint: 212.227.17.21 mout.gmx.net  
Received: from [212.227.17.21] ([212.227.17.21:51352] helo=mout.gmx.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id FA/07-31581-5E178285 for <internals@lists.php.net>; Sun, 13 Nov 2016 09:00:06 -0500
Received: from [192.168.1.190] ([79.243.119.150]) by mail.gmx.com (mrgmx102
 [212.227.17.168]) with ESMTPSA (Nemesis) id 0Meduu-1cPe2a219s-00OKMr; Sun, 13
 Nov 2016 15:00:00 +0100
To: Joe Watkins <pthreads@pthreads.org>, Anatol Belski <anatol.php@belski.net>
References: <5eea66e9-0e47-852a-8720-7c7a6a0d2224@gmx.de>
 <0ca201d23d22$e3d623d0$ab826b70$@belski.net>
 <CAL=_i_=VpCtNWzF5re7h7puvRNpFED=g+E+g3hyko_z64d9xXg@mail.gmail.com>
Cc: PHP internals <internals@lists.php.net>
Message-ID: <05b7feed-3a0a-efd4-7923-a363d3d3c12c@gmx.de>
Date: Sun, 13 Nov 2016 15:00:06 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <CAL=_i_=VpCtNWzF5re7h7puvRNpFED=g+E+g3hyko_z64d9xXg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:jLvqDVfoqEVCRlyZvcpgPTBPTjQuqHeq8mBXHtHKS+D4oDKobNL
 3oC9fninCxoEWaPRjgG3Z7r/6nEtknMen854pPgLhrpdWjpxsj5x2QiLMxs7iKchYgewOIN
 gNlluEB5XUay4S2+aWtDHXVgwipo9w7BO+9IfrOnNQGULZ1u5lD+aSYa8gBKYFum9JF+QHi
 v3XWXc5xbeNRRUEuFuiQQ==
X-UI-Out-Filterresults: notjunk:1;V01:K0:Iwq0MYePKuE=:z0kMgiomG5aZ9v1iiDoy0y
 +uSMkiMjS4C1nevRiVbp02QFJMv0MSqDmyPhWu9KqZDzg5PhOHsmsbsuNc8E7rESjjIFcwxV8
 teBknLZVnSJwL2xJ3uKUQlvG7xrRYjbgata6VL8eSW3ki5a8bbXQaUSu5BAYlnwCv1xsI5msN
 VtRdOlneoDaaa+IC7I8V6fspf0cK7nXfY7blsy1UImJfRhRCP71h1KAdUTzYsjhU24EXBpeWl
 H9RbdPgLBntkJDYi4+z7kPPVQXDceoTpv9y3GCNKuDZwUH8U0uNoG8GoqcQHfN2KXQaMWaX/O
 KxnRdO1mHmXuvWdWlFN3Wks/vMR0VtwRALbSiNFWjudAqA2vS4xluB8/p4b0zq5wuI+8WyuId
 KVGgui7QMhyR1z5Dg74YzTeHvBVYNRB3NRoIUbNFMXz6tUTPtwaC2hI8iC5c5j9SKk6eq/yPs
 Vfhbik2YHeOZ9L2qLQhB3PIMWqZ1i+uhSTxfKKT4ZJ/WbJISY4noMZVdtdlNydits3BcvVnKM
 IbR2Tr9mCnP3W0ZLzBp3Krp/OvK/Z6ZtxGApF1h9/KUU6u0YYGRpwBrR1m4r+EieNJVx7YCnK
 jQO+pNsUbqDem7FBJdGj96QpryZQ6YizMTT85+Sk9IBRWWxuQR0t570z1qbQFBinHiL/BXP1z
 qqS38MTq+WkWr6kXEIzlaiIpA9ilrG27TWaZegU9OAxxoEK9XB4uSIctZk/BH8ME31sAI54nn
 NnP24tIptq8aImIedH5S7NIiYASUhkfBPRiOxbmW38AjvvOFZ0nUWCrrWDwCTPLNf7HLz0gjo
 Q4O1gX0
Subject: Re: [PHP-DEV] PaX MPROTECT / W^X protection
From: cmbecker69@gmx.de ("Christoph M. Becker")

Thanks, Anatol and Joe!  So I'm going to document these issues, and
close the respective reports.

Cheers,
Christoph

On 13.11.2016 at 07:36, Joe Watkins wrote:

> Morning,
> 
> Just wanted to give a thumbs up to documenting the issue ...
> 
> Trying to work around it with platform/distro/kernel specific solutions,
> sounds quite horrible, and is bound to be fragile.
> 
> Cheers
> Joe
> 
> On Sat, Nov 12, 2016 at 8:25 PM, Anatol Belski <anatol.php@belski.net>
> wrote:
> 
>> Hi Christoph,
>>
>>> -----Original Message-----
>>> From: Christoph M. Becker [mailto:cmbecker69@gmx.de]
>>> Sent: Friday, November 11, 2016 7:40 PM
>>> To: internals@lists.php.net
>>> Subject: [PHP-DEV] PaX MPROTECT / W^X protection
>>>
>>> Hi!
>>>
>>> There are currently at least two unresolved tickets[1][2] in our bug
>> tracker
>>> regarding PaX MPROTECT / W^X protection issues with regard to PCRE JIT.
>> The
>>> problem is that PCRE JIT mmaps W|X pages[3], what is no longer allowed on
>>> several platforms, such as OpenBSD, FreeBSD and SELinux.  It seems that
>> there
>>> are workarounds (e.g. using paxctl to allow W|X mapping[1], or mounting
>> with
>>> wxallowed[4]), but these appear to be very system specific.
>>>
>>> My best idea to resolve the reports is to document this issue.  Maybe
>> somebody
>>> has a better idea?
>>>
>> AFM, the linked tickets are not about an issue in PHP. There are just
>> systems, or system configurations, that are very security oriented. If some
>> feature is disabled on the system level, there's not much PHP can do. To
>> compare - it were wrong same way to say atime doesn't work in PHP, if
>> indeed a volume is mounted with atime disabled. Any issue, that is only to
>> be solved by the system configuration, is a configuration issue in the most
>> case. So the documentation is probably the only what we can do in the case.
>>
>> Regrads
>>
>> Anatol
>>
>>
>>
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>