darren1234 n00b
Joined: 21 Nov 2004 Posts: 62 Location: Vancouver, Canada
Posted: Mon Dec 25, 2006 9:19 pm Post subject: hardenedphp php5 apache2 x86 [SOLVED]
I am having trouble getting sessions working with postfixadmin and cacti that I believe may be related to hardenedphp.
Both packages display errors if the authentication is wrong, but return to their login pages without error when the login is successful. The logs (as best I can tell) show nothing of concern or interest, just the normal "GET/POST" apache log entries.
I took some code from postfixadmin and ran a test to fake logging in and reading the session data... nothing. I did try emerging php4 with the same settings as below, but that failed to work as well. Squirrelmail works fine, and so does roundcube.
Any ideas?
I'll include my php USE settings and emerge --info results.
Code:
=dev-lang/php-5* cli crypt hardenedphp gd iconv imap mssql mysqli memlimit mhash sasl soap spell sqlite truetype zip pcre xml simplexml session exif gmp ctype hash expat curl
Code:
Portage 2.1.1-r2 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.4-r4, 2.6.18-gentoo-r3 i686)
=================================================================
System uname: 2.6.18-gentoo-r3 i686 Intel(R) Xeon(R) CPU 5110 @ 1.60GHz
Gentoo Base System version 1.12.6
Last Sync: Sun, 24 Dec 2006 22:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium4 -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.mirrors.tera-byte.com http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="x86 alsa_cards_ali5451 alsa_cards_als4000 alsa_cards_atiixp alsa_cards_atiixp-modem alsa_cards_bt87x alsa_cards_ca0106 alsa_cards_cmipci alsa_cards_emu10k1x alsa_cards_ens1370 alsa_cards_ens1371 alsa_cards_es1938 alsa_cards_es1968 alsa_cards_fm801 alsa_cards_hda-intel alsa_cards_intel8x0 alsa_cards_intel8x0m alsa_cards_maestro3 alsa_cards_trident alsa_cards_usb-audio alsa_cards_via82xx alsa_cards_via82xx-modem alsa_cards_ymfpci alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol apache2 bzip2 elibc_glibc fam gd gif hardened hardenedphp input_devices_evdev input_devices_keyboard input_devices_mouse jpeg kernel_linux maildir memlimit mysql mysqli ncurses nls nptl nptlonly pam perl php png readline ssl unicode urandom userland_GNU video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo zlib"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Last edited by darren1234 on Wed Dec 27, 2006 5:37 am; edited 1 time in total
Dan Veteran
Joined: 25 Oct 2005 Posts: 1302
Posted: Tue Dec 26, 2006 6:23 pm Post subject:
Is the session module loaded?
Is /etc/php/apache2-php5/ext-active/session.ini there?
Can you drop a phpinfo.php in a web dir and post the URL?
Code:
<?php
phpinfo();
?>
darren1234 n00b
Joined: 21 Nov 2004 Posts: 62 Location: Vancouver, Canada
Posted: Wed Dec 27, 2006 12:00 am Post subject:
Code:
PHP Version 5.1.6-pl6-gentoo with Hardening-Patch 0.4.15
System Linux shel02 2.6.18-gentoo-r3 #6 SMP Tue Dec 12 15:11:56 PST 2006 i686
Build Date Dec 25 2006 11:58:25
Configure Command './configure' '/usr/lib/php5/share/config.site' '/usr/lib/php5/etc/config.site'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php/apache2-php5/php.ini
Scan this dir for additional .ini files /etc/php/apache2-php5/ext-active
additional .ini files parsed /etc/php/apache2-php5/ext-active/zip.ini
PHP API 20041225
PHP Extension 20050922
Zend Extension 220051025
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support disabled
Registered PHP Streams php, file, http, ftp, compress.bzip2, compress.zlib, https, ftps
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, convert.iconv.*, bzip2.*, zlib.*
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
Code:
SESSION
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_strict_mode On On
session.use_trans_sid 0 0
Code:
VARFILTER
Hardening-Patch's variable filter support enabled
Directive Local Value Master Value
hphp.cookie.disallow_nul 1 1
hphp.cookie.max_array_depth 100 100
hphp.cookie.max_array_index_length 64 64
hphp.cookie.max_name_length 64 64
hphp.cookie.max_totalname_length 256 256
hphp.cookie.max_value_length 10000 10000
hphp.cookie.max_vars 100 100
hphp.get.disallow_nul 1 1
hphp.get.max_array_depth 50 50
hphp.get.max_array_index_length 64 64
hphp.get.max_name_length 64 64
hphp.get.max_totalname_length 256 256
hphp.get.max_value_length 512 512
hphp.get.max_vars 100 100
hphp.post.disallow_nul 1 1
hphp.post.max_array_depth 100 100
hphp.post.max_array_index_length 64 64
hphp.post.max_name_length 64 64
hphp.post.max_totalname_length 256 256
hphp.post.max_value_length 65000 65000
hphp.post.max_vars 200 200
hphp.request.disallow_nul 1 1
hphp.request.max_array_depth 100 100
hphp.request.max_array_index_length 64 64
hphp.request.max_totalname_length 256 256
hphp.request.max_value_length 65000 65000
hphp.request.max_varname_length 64 64
hphp.request.max_vars 200 200
hphp.upload.disallow_elf_files 1 1
hphp.upload.max_uploads 25 25
hphp.upload.verification_script no value no value
varfilter.max_array_depth 100 100
varfilter.max_array_index_length 64 64
varfilter.max_request_variables 200 200
varfilter.max_totalname_length 256 256
varfilter.max_value_length 65000 65000
varfilter.max_varname_length 64 64
darren1234 n00b
Joined: 21 Nov 2004 Posts: 62 Location: Vancouver, Canada
Posted: Wed Dec 27, 2006 5:36 am Post subject:
SOLVED
http://forum.hardened-php.net/viewtopic.php?id=71
I found the above thread that mentioned disabling the strictness of session management.
Code:
session.use_strict_mode = 0
That fixed the problem... likely lowered the strength of security a tiny bit, but it worked.
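Before loosening session.use_strict_mode globally it is worth confirming that strict mode really is what drops the login. What strict mode enforces is that a session ID presented by the client must already exist on the server; an unknown ID is discarded and a fresh one is issued, which is the defence against session fixation. An application that sets its own ID (session_id() before session_start()) or hands the browser a cookie the server never created will therefore look exactly like the symptom in this thread: no error, just a silent return to the login page. The script below is an added diagnostic written for this thread, not code from postfixadmin, cacti or the Hardening-Patch; it assumes session.use_cookies=On and session.name=PHPSESSID as in the phpinfo output above, and is meant to be dropped in a web directory next to the phpinfo.php Dan suggested and loaded twice.

```php
<?php
// Added diagnostic (not from the thread). Load this page twice in the same
// browser: the first request creates a session, the second presents its cookie.
// If the second response shows a different ID than the one the cookie carried,
// the server rejected the presented ID and issued a new session.

// Assumption: the session cookie name is the default PHPSESSID (see phpinfo).
$cookieName = 'PHPSESSID';
$presented  = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : null;

$strict   = ini_get('session.use_strict_mode');   // '1'/'On' means strict
$savePath = session_save_path();                  // '' means the compiled-in default

session_start();
$active = session_id();

// Persist something so a second request can prove the session survived.
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;

header('Content-Type: text/plain');
echo "session.use_strict_mode : " . ($strict === '' ? '(unset)' : $strict) . "\n";
echo "session.save_path       : " . ($savePath === '' ? '(empty, default dir)' : $savePath) . "\n";
echo "cookie presented        : " . ($presented === null ? '(none)' : $presented) . "\n";
echo "session in use          : $active\n";
echo "hits stored in session  : {$_SESSION['hits']}\n";

if ($presented === null) {
    echo "RESULT: first visit, a new session was created. Reload this page.\n";
} elseif ($presented !== $active) {
    echo "RESULT: the presented ID was REJECTED and a new session was issued.\n";
    echo "        Under use_strict_mode this happens when no session with that ID\n";
    echo "        exists in the save path (no file sess_$presented). If it happens\n";
    echo "        on a plain reload, check that Apache can write to the save path;\n";
    echo "        if it only happens after an application's login, the application\n";
    echo "        is relying on the server accepting a client-chosen session ID.\n";
} else {
    echo "RESULT: the presented ID was accepted and the session persisted.\n";
}
?>
```

Reading the two outcomes: a rejection on a plain reload points at the save path (permissions, or a non-existent directory) rather than at the hardening patch, while a session that survives reloads of this script but not the application's login means the application itself is presenting an ID the server never created, which is the behaviour strict mode exists to refuse. In the second case disabling strict mode, as done above, trades the fixation protection for compatibility, so the diagnostic tells you what you are giving up.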