[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problem with interbase (firebird-1.5) on FC4 box, httpd-2.0.54, php-interbase-5.0.4-10.5



Hello again,

execstack -c /usr/lib/modules/interbase.so does not solve the problem, 
execstack -s and -c show the same behaviour (same error message, see below). 

Maybe some more information:
ls -Z for interbase shows:
-rwxr-xr-x  root     root     system_u:object_r:lib_t interbase.so

BTW: /usr/lib/httpd/libphp5.so has the same context data:
-rwxr-xr-x  root     root     system_u:object_r:lib_t libphp5.so

(shouldn't it be -> t=httpd_modules_t ?)

Tell me if you need more input to solve the problem...

Daniel




> Daniel Paul wrote:
> > Hello there,
> >
> > because I need interbase (firebird) support in php, I recompiled the
> > actual php-5.0.4-10.5 package with interbase support
> > (--with-interbase=shared). When I start httpd there is the following
> > message in error_log:
> >
> > PHP Warning:  PHP Startup: Unable to load dynamic library
> > '/usr/lib/php/modules/interbase.so' - object requires: cannot enable
> > executable stack as shared object requires: Permission denied in Unknown
> > on line 0
>
> try
>
> execstack -c  /usr/lib/php/modules/interbase.so
>
> execstack is a security problem
>
> http://people.redhat.com/drepper/selinux-mem.html
>
> > phpinfo() shows that php has read the interbase.ini file which contains a
> > reference to the interbase.so module, but interbase support is disabled
> > (nothing shows up regarding interbase). With selinux set to permissive
> > mode (instead of enforcing), there is no such message and phpinfo() shows
> > me, that interbase support is enabled.
> >
> > audit.log shows the following:
> >
> > type=AVC msg=audit(1138630853.033:10): avc:  denied  { execstack } for
> > pid=1886 comm="httpd" scontext=root:system_r:httpd_t
> > tcontext=root:system_r:httpd_t tclass=process
> > type=SYSCALL msg=audit(1138630853.033:10): arch=40000003 syscall=125
> > success=no exit=-13 a0=bf8a3000 a1=1000 a2=1000007 a3=d5a000 items=0
> > pid=1886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> > comm="httpd" exe="/usr/sbin/httpd"
> >
> > Any help would be truly appreciated.
> >
> > Thanks in advance,
> >
> > Daniel
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list redhat com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]