Morning, Just wanted to give a thumbs up to documenting the issue ...
Trying to work around it with platform/distro/kernel specific solutions, sounds quite horrible, and is bound to be fragile. Cheers Joe On Sat, Nov 12, 2016 at 8:25 PM, Anatol Belski <anatol....@belski.net> wrote: > Hi Christoph, > > > -----Original Message----- > > From: Christoph M. Becker [mailto:cmbecke...@gmx.de] > > Sent: Friday, November 11, 2016 7:40 PM > > To: internals@lists.php.net > > Subject: [PHP-DEV] PaX MPROTECT / W^X protection > > > > Hi! > > > > There are currently at least two unresolved tickets[1][2] in our bug > tracker > > regarding PaX MPROTECT / W^X protection issues with regard to PCRE JIT. > The > > problem is that PCRE JIT mmaps W|X pages[3], what is no longer allowed on > > several platforms, such as OpenBSD, FreeBSD and SELinux. It seems that > there > > are workarounds (e.g. using paxctl to allow W|X mapping[1], or mounting > with > > wxallowed[4]), but these appear to be very system specific. > > > > My best idea to resolve the reports is to document this issue. Maybe > somebody > > has a better idea? > > > AFM, the linked tickets are not about an issue in PHP. There are just > systems, or system configurations, that are very security oriented. If some > feature is disabled on the system level, there's not much PHP can do. To > compare - it were wrong same way to say atime doesn't work in PHP, if > indeed a volume is mounted with atime disabled. Any issue, that is only to > be solved by the system configuration, is a configuration issue in the most > case. So the documentation is probably the only what we can do in the case. > > Regrads > > Anatol > > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > >
