Re: [mod-security-users] more questions around PCRE mismatch
Brought to you by:
victorhora,
zimmerletw
From: Ives S. <ive...@gm...> - 2012-10-23 00:15:31
|
One would think. I've read the mod_security error correctly, it was compiled with 6.6, but is linking to 5.0 ("loaded version = 5.0") But the only version I can find anywhere on the file system is 6.6. How do I figure out where mod_security is getting 5.0 from? On Mon, Oct 22, 2012 at 7:58 PM, Breno Silva <bre...@gm...> wrote: > Hello Ives, > > Right, you have different pcre lib versions linked and compiled. I would > suggest you use the same version in apache and modsecurity. > > Thanks > > Breno > > > On Mon, Oct 22, 2012 at 6:34 PM, Ives Stoddard <ive...@gm...>wrote: > >> Breno, >> >> Here's the error message... >> >> [Thu Oct 18 13:21:49 2012] [notice] ModSecurity for Apache/2.6.0 ( >> http://www.modsecurity.org/) configured. >> [Thu Oct 18 13:21:49 2012] [notice] ModSecurity: APR compiled >> version="1.4.5"; loaded version="1.4.5" >> [Thu Oct 18 13:21:49 2012] [notice] ModSecurity: PCRE compiled >> version="6.6"; loaded version="5.0 13-Sep-2004" >> [Thu Oct 18 13:21:49 2012] [warn] ModSecurity: Loaded PCRE do not match >> with compiled! >> [Thu Oct 18 13:21:49 2012] [notice] ModSecurity: LIBXML compiled >> version="2.6.26" >> >> And info about the version of pcre that's installed (rhel5)... >> >> $ rpm -qa |grep pcre >> pcre-6.6-6.el5_6.1 >> >> $ rpm -q –provides --filesbypkg pcre >> >> libpcre.so.0()(64bit) >> libpcrecpp.so.0()(64bit) >> libpcreposix.so.0()(64bit) >> pcre = 6.6-6.el5_6.1_x86_64 >> pcre /lib64/libpcre.so.0 >> pcre /lib64/libpcre.so.0.0.1 >> pcre /usr/bin/pcregrep >> pcre /usr/bin/pcretest >> pcre /usr/lib64/libpcrecpp.so.0 >> pcre /usr/lib64/libpcrecpp.so.0.0.0 >> pcre /usr/lib64/libpcreposix.so.0 >> pcre /usr/lib64/libpcreposix.so.0.0.0 >> pcre /usr/share/doc/pcre-6.6 >> pcre /usr/share/doc/pcre-6.6/AUTHORS >> pcre /usr/share/doc/pcre-6.6/LICENCE >> pcre /usr/share/man/man1/pcregrep.1.gz >> pcre /usr/share/man/man1/pcretest.1.gz >> >> libpcre.so.0 >> libpcrecpp.so.0 >> libpcreposix.so.0 >> pcre = 6.6-6.el5_6.1_x86 >> pcre /lib/libpcre.so.0 >> pcre /lib/libpcre.so.0.0.1 >> pcre /usr/bin/pcregrep >> pcre /usr/bin/pcretest >> pcre /usr/lib/libpcrecpp.so.0 >> pcre /usr/lib/libpcrecpp.so.0.0.0 >> pcre /usr/lib/libpcreposix.so.0 >> pcre /usr/lib/libpcreposix.so.0.0.0 >> pcre /usr/share/doc/pcre-6.6 >> pcre /usr/share/doc/pcre-6.6/AUTHORS >> pcre /usr/share/doc/pcre-6.6/LICENCE >> pcre /usr/share/man/man1/pcregrep.1.gz >> pcre /usr/share/man/man1/pcretest.1.gz >> >> $ pcretest -C >> PCRE version 6.6 06-Feb-2006 >> Compiled with >> UTF-8 support >> Unicode properties support >> Newline character is LF >> Internal link size = 2 >> POSIX malloc threshold = 10 >> Default match limit = 10000000 >> Default recursion depth limit = 10000000 >> Match recursion uses stack >> >> $ ldd /usr/local/apache2/bin/httpd >> linux-vdso.so.1 => (0x00007fffc0f99000) >> libm.so.6 => /lib64/libm.so.6 (0x00000036b0800000) >> libaprutil-1.so.0 => /usr/local/apache2/lib/libaprutil-1.so.0 >> (0x00002ab3f9944000) >> libapr-1.so.0 => /usr/local/apache2/lib/libapr-1.so.0 >> (0x00002ab3f9b65000) >> libexpat.so.0 => /lib64/libexpat.so.0 (0x00000036b2000000) >> librt.so.1 => /lib64/librt.so.1 (0x00000036b1400000) >> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00000036b1800000) >> libpthread.so.0 => /lib64/libpthread.so.0 (0x00000036b0000000) >> libdl.so.2 => /lib64/libdl.so.2 (0x00000036afc00000) >> libc.so.6 => /lib64/libc.so.6 (0x00000036af800000) >> /lib64/ld-linux-x86-64.so.2 (0x00000036af400000) >> >> $ ldd /usr/local/apache2/modules/mod_security2.so >> ldd: warning: you do not have execution permission for >> `/usr/local/apache2/modules/mod_security2.so' >> linux-vdso.so.1 => (0x00007fffa1874000) >> librt.so.1 => /lib64/librt.so.1 (0x00002b0243084000) >> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002b024328e000) >> libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b02434c6000) >> libdl.so.2 => /lib64/libdl.so.2 (0x00002b02436e1000) >> libexpat.so.0 => /lib64/libexpat.so.0 (0x00002b02438e6000) >> libapr-1.so.0 => /usr/local/apache2/lib/libapr-1.so.0 >> (0x00002b0243b09000) >> libaprutil-1.so.0 => /usr/local/apache2/lib/libaprutil-1.so.0 >> (0x00002b0243d35000) >> libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00002b0243f56000) >> libz.so.1 => /usr/lib64/libz.so.1 (0x00002b0244293000) >> libm.so.6 => /lib64/libm.so.6 (0x00002b02444a7000) >> libc.so.6 => /lib64/libc.so.6 (0x00002b024472b000) >> /lib64/ld-linux-x86-64.so.2 (0x00000036af400000) >> >> $ /sbin/ldconfig -p |grep pcre >> libpcreposix.so.0 (libc6,x86-64) => /usr/lib64/libpcreposix.so.0 >> libpcreposix.so.0 (libc6) => /usr/lib/libpcreposix.so.0 >> libpcrecpp.so.0 (libc6,x86-64) => /usr/lib64/libpcrecpp.so.0 >> libpcrecpp.so.0 (libc6) => /usr/lib/libpcrecpp.so.0 >> libpcre.so.0 (libc6,x86-64) => /lib64/libpcre.so.0 >> libpcre.so.0 (libc6) => /lib/libpcre.so.0 >> >> $ sudo find / -name "*pcre*" -exec ls -1 {} \; >> /lib/libpcre.so.0.0.1 >> /lib/libpcre.so.0 -> libpcre.so.0.0.1 >> /usr/lib/libpcreposix.so.0 -> libpcreposix.so.0.0.0 >> /usr/lib/libpcreposix.so.0.0.0 >> /usr/lib/libpcrecpp.so.0.0.0 >> /usr/lib/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0 >> /usr/bin/pcregrep >> /usr/bin/pcretest >> /usr/lib64/libpcreposix.so.0 -> libpcreposix.so.0.0.0 >> /usr/lib64/libpcreposix.so.0.0.0 >> /usr/lib64/libpcrecpp.so.0.0.0 >> /usr/lib64/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0 >> /lib64/libpcre.so.0.0.1 >> /lib64/libpcre.so.0 -> libpcre.so.0.0.1 >> >> >> -ives >> >> >> >> On Mon, Oct 22, 2012 at 3:11 PM, Breno Silva <bre...@gm...>wrote: >> >>> Hello Ives, >>> >>> Can you send me your error.log ? There is a known issue treating PCRE >>> version 8.02. ModSecurity can alert you for wrong PCRE version when it is >>> OK. >>> >>> yes, use different compiled/linked version between Apache and >>> ModSecurity may cause segfaults. It is not very common but can happen. >>> >>> Thanks >>> >>> Breno >>> >>> On Mon, Oct 22, 2012 at 2:03 PM, Ives Stoddard <ive...@gm...>wrote: >>> >>>> I've been reading a lot of posts about PCRE mismatches, and the recent >>>> patch to fix this, but it seems like there are cases this may or may not be >>>> a problem. >>>> >>>> At best this is just an annoyance in the log files, but at worst this >>>> can cause core dumps of apache. >>>> >>>> I have both apache and mod_sec set to use the OS pcre & apr libs (both >>>> from RHEL 5.8), but I still get the mismatch errors. The team that builds >>>> our internal apache distribution has confirmed they are dynamically linked >>>> via ld (which shows matching libs). >>>> >>>> In this scenario, what would cause the pcre mismatch error? >>>> >>>> In what cases can the mismatch prove fatal vs. which cases is it just a >>>> false alarm? How can I test for the fatal cases? >>>> >>>> Many thanks, >>>> >>>> Ives >>>> >>>> >> > |