PHP7 w/grsecurity & anonymous mapping

9 years ago by Jacob Perkins — view source — reply

unread

Good morning!

We received a support ticket from a customer who’s using our PHP 7 binaries with Atomic Secured Linux. They are advising that our lsphp binary for PHP7 is insecure, while the other lsphp binaries for PHP 5 are ‘not insecure’. The errors the customer is getting are below

Jul 18 22:39:02 cloud1 kernel: PAX: terminating task: /opt/cpanel/ea-php70/root/usr/bin/lsphp(lsphp):2868, uid/euid: 1001/1001, PC: 0000038b2ec8a010, SP: 000003fb990df238
Jul 18 22:39:02 cloud1 kernel: PAX: From 162.158.51.199: execution attempt in: <anonymous mapping>, 328ec2bc000-328ec337000 328ec2bc000
Jul 18 22:39:02 cloud1 kernel: PAX: terminating task: /opt/cpanel/ea-php70/root/usr/bin/lsphp(lsphp):2867, uid/euid: 1001/1001, PC: 00000328ec2bc010, SP: 000003bc3fc1bb08
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at PC: 41 54 41 55 41 56 41 57 53 48 8b df 48 83 ec 50 48 8b 43 10
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at SP-8: 000000305a31ac60 00000328eb628caf 000000305a577f40 00000328e86f09d8 00000328e86f09d8 00000328e86f09da 000003bc3fc1bdb0 0000000000000000 0000000000000000 000f424000000002 0000003000000000
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at PC: 41 54 41 55 41 56 41 57 53 48 8b df 48 83 ec 50 48 8b 43 10
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at SP-8: 000000704c4f9960 0000038b2dff6caf 000000704c756ba0 0000038b2b0f09d8 0000038b2b0f09d8 0000038b2b0f09da 000003fb990df4e0 0000000000000000 0000000000000000 000f424000000002 0000007000000000
Jul 18 22:39:02 cloud1 kernel: PAX: From 162.158.51.199: execution attempt in: <anonymous mapping>, 324d5968000-324d59e3000 324d5968000
Jul 18 22:39:02 cloud1 kernel: PAX: terminating task: /opt/cpanel/ea-php70/root/usr/bin/lsphp(lsphp):2870, uid/euid: 1001/1001, PC: 00000324d5968010, SP: 000003eca6200ce8
Jul 18 22:39:02 cloud1 kernel: PAX: From 162.158.51.199: execution attempt in: <anonymous mapping>, 379109a2000-37910a1d000 379109a2000
Jul 18 22:39:02 cloud1 kernel: PAX: terminating task: /opt/cpanel/ea-php70/root/usr/bin/lsphp(lsphp):2869, uid/euid: 1001/1001, PC: 00000379109a2010, SP: 000003a17aa6b5f8
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at PC: 41 54 41 55 41 56 41 57 53 48 8b df 48 83 ec 50 48 8b 43 10
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at SP-8: 0000004bd46c3350 000003790fd0ecaf 0000004bd4920620 000003790cef09d8 000003790cef09d8 000003790cef09da 000003a17aa6b8a0 0000000000000000 0000000000000000 000f424000000002 0000004b00000000
Jul 18 22:39:02 cloud1 kernel: PAX: From 162.158.51.199: execution attempt in: <anonymous mapping>, 29899f75000-29899ff0000 29899f75000
Jul 18 22:39:02 cloud1 kernel: PAX: terminating task: /opt/cpanel/ea-php70/root/usr/bin/lsphp(lsphp):2871, uid/euid: 1001/1001, PC: 0000029899f75010, SP: 000003a171c15158
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at PC: 41 54 41 55 41 56 41 57 53 48 8b df 48 83 ec 50 48 8b 43 10
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at SP-8: 0000007f3581d550 00000298992e1caf 0000007f35a7ac90 00000298964f09d8 00000298964f09d8 00000298964f09da 000003a171c15400 0000000000000000 0000000000000000 000f424000000002 0000007f00000000
Jul 18 22:39:02 cloud1 kernel: PAX: execution attempt in: <anonymous mapping>, 3263ed56000-3263edd1000 3263ed56000
Jul 18 22:39:02 cloud1 kernel: PAX: terminating task: /opt/cpanel/ea-php70/root/usr/bin/lsphp(lsphp):2872, uid/euid: 1001/1001, PC: 000003263ed56010, SP: 000003bfce1cd868
Jul 18 22:39:02 cloud1 kernel: PAX: bytes at PC: 41 54 41 55 41 56 41 57 53 48 8b df 48 83 ec 50 48 8b 43 10

We build lsphp the exact same between PHP 5 & PHP 7 RPMs, so I’m unsure as to how we should proceed to make our PHP 7 lsphp binary ‘secure’. Is lsphp itself in PHP7 wrote differently in a way than PHP 5 that it requires this ‘anonymous mapping’, and any suggestions in making this ‘secure’ in regards to grsec?

Thanks in advance <3
—
Jacob Perkins
Product Owner
cPanel Inc.

jacob.perkins@cpanel.net mailto:jacob.perkins@cpanel.net
Office: 713-529-0800 x 4046
Cell: 713-560-8655