Re: [mod-security-users] more questions around PCRE mismatch

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

One would think.

I've read the mod_security error correctly, it was compiled with 6.6, but
is linking to 5.0 ("loaded version = 5.0")

But the only version I can find anywhere on the file system is 6.6.

How do I figure out where mod_security is getting 5.0 from?

On Mon, Oct 22, 2012 at 7:58 PM, Breno Silva <bre...@gm...> wrote:

> Hello Ives,
>
> Right, you have different pcre lib versions linked and compiled. I would
> suggest you use the same version in apache and modsecurity.
>
> Thanks
>
> Breno
>
>
> On Mon, Oct 22, 2012 at 6:34 PM, Ives Stoddard <ive...@gm...>wrote:
>
>> Breno,
>>
>> Here's the error message...
>>
>> [Thu Oct 18 13:21:49 2012] [notice] ModSecurity for Apache/2.6.0 (
>> http://www.modsecurity.org/) configured.
>> [Thu Oct 18 13:21:49 2012] [notice] ModSecurity: APR compiled
>> version="1.4.5"; loaded version="1.4.5"
>> [Thu Oct 18 13:21:49 2012] [notice] ModSecurity: PCRE compiled
>> version="6.6"; loaded version="5.0 13-Sep-2004"
>> [Thu Oct 18 13:21:49 2012] [warn] ModSecurity: Loaded PCRE do not match
>> with compiled!
>> [Thu Oct 18 13:21:49 2012] [notice] ModSecurity: LIBXML compiled
>> version="2.6.26"
>>
>> And info about the version of pcre that's installed (rhel5)...
>>
>> $ rpm -qa |grep pcre
>> pcre-6.6-6.el5_6.1
>>
>> $ rpm -q –provides --filesbypkg pcre
>>
>> libpcre.so.0()(64bit)
>> libpcrecpp.so.0()(64bit)
>> libpcreposix.so.0()(64bit)
>> pcre = 6.6-6.el5_6.1_x86_64
>> pcre                      /lib64/libpcre.so.0
>> pcre                      /lib64/libpcre.so.0.0.1
>> pcre                      /usr/bin/pcregrep
>> pcre                      /usr/bin/pcretest
>> pcre                      /usr/lib64/libpcrecpp.so.0
>> pcre                      /usr/lib64/libpcrecpp.so.0.0.0
>> pcre                      /usr/lib64/libpcreposix.so.0
>> pcre                      /usr/lib64/libpcreposix.so.0.0.0
>> pcre                      /usr/share/doc/pcre-6.6
>> pcre                      /usr/share/doc/pcre-6.6/AUTHORS
>> pcre                      /usr/share/doc/pcre-6.6/LICENCE
>> pcre                      /usr/share/man/man1/pcregrep.1.gz
>> pcre                      /usr/share/man/man1/pcretest.1.gz
>>
>> libpcre.so.0
>> libpcrecpp.so.0
>> libpcreposix.so.0
>> pcre = 6.6-6.el5_6.1_x86
>> pcre                      /lib/libpcre.so.0
>> pcre                      /lib/libpcre.so.0.0.1
>> pcre                      /usr/bin/pcregrep
>> pcre                      /usr/bin/pcretest
>> pcre                      /usr/lib/libpcrecpp.so.0
>> pcre                      /usr/lib/libpcrecpp.so.0.0.0
>> pcre                      /usr/lib/libpcreposix.so.0
>> pcre                      /usr/lib/libpcreposix.so.0.0.0
>> pcre                      /usr/share/doc/pcre-6.6
>> pcre                      /usr/share/doc/pcre-6.6/AUTHORS
>> pcre                      /usr/share/doc/pcre-6.6/LICENCE
>> pcre                      /usr/share/man/man1/pcregrep.1.gz
>> pcre                      /usr/share/man/man1/pcretest.1.gz
>>
>> $ pcretest -C
>> PCRE version 6.6 06-Feb-2006
>> Compiled with
>>   UTF-8 support
>>   Unicode properties support
>>   Newline character is LF
>>   Internal link size = 2
>>   POSIX malloc threshold = 10
>>   Default match limit = 10000000
>>   Default recursion depth limit = 10000000
>>   Match recursion uses stack
>>
>> $ ldd /usr/local/apache2/bin/httpd
>>         linux-vdso.so.1 =>  (0x00007fffc0f99000)
>>         libm.so.6 => /lib64/libm.so.6 (0x00000036b0800000)
>>         libaprutil-1.so.0 => /usr/local/apache2/lib/libaprutil-1.so.0
>> (0x00002ab3f9944000)
>>         libapr-1.so.0 => /usr/local/apache2/lib/libapr-1.so.0
>> (0x00002ab3f9b65000)
>>         libexpat.so.0 => /lib64/libexpat.so.0 (0x00000036b2000000)
>>         librt.so.1 => /lib64/librt.so.1 (0x00000036b1400000)
>>         libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00000036b1800000)
>>         libpthread.so.0 => /lib64/libpthread.so.0 (0x00000036b0000000)
>>         libdl.so.2 => /lib64/libdl.so.2 (0x00000036afc00000)
>>         libc.so.6 => /lib64/libc.so.6 (0x00000036af800000)
>>         /lib64/ld-linux-x86-64.so.2 (0x00000036af400000)
>>
>> $ ldd /usr/local/apache2/modules/mod_security2.so
>> ldd: warning: you do not have execution permission for
>> `/usr/local/apache2/modules/mod_security2.so'
>>         linux-vdso.so.1 =>  (0x00007fffa1874000)
>>         librt.so.1 => /lib64/librt.so.1 (0x00002b0243084000)
>>         libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002b024328e000)
>>         libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b02434c6000)
>>         libdl.so.2 => /lib64/libdl.so.2 (0x00002b02436e1000)
>>         libexpat.so.0 => /lib64/libexpat.so.0 (0x00002b02438e6000)
>>         libapr-1.so.0 => /usr/local/apache2/lib/libapr-1.so.0
>> (0x00002b0243b09000)
>>         libaprutil-1.so.0 => /usr/local/apache2/lib/libaprutil-1.so.0
>> (0x00002b0243d35000)
>>         libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00002b0243f56000)
>>         libz.so.1 => /usr/lib64/libz.so.1 (0x00002b0244293000)
>>         libm.so.6 => /lib64/libm.so.6 (0x00002b02444a7000)
>>         libc.so.6 => /lib64/libc.so.6 (0x00002b024472b000)
>>          /lib64/ld-linux-x86-64.so.2 (0x00000036af400000)
>>
>> $ /sbin/ldconfig -p |grep pcre
>>         libpcreposix.so.0 (libc6,x86-64) => /usr/lib64/libpcreposix.so.0
>>         libpcreposix.so.0 (libc6) => /usr/lib/libpcreposix.so.0
>>         libpcrecpp.so.0 (libc6,x86-64) => /usr/lib64/libpcrecpp.so.0
>>         libpcrecpp.so.0 (libc6) => /usr/lib/libpcrecpp.so.0
>>         libpcre.so.0 (libc6,x86-64) => /lib64/libpcre.so.0
>>         libpcre.so.0 (libc6) => /lib/libpcre.so.0
>>
>> $ sudo find / -name "*pcre*" -exec ls -1 {} \;
>> /lib/libpcre.so.0.0.1
>> /lib/libpcre.so.0 -> libpcre.so.0.0.1
>> /usr/lib/libpcreposix.so.0 -> libpcreposix.so.0.0.0
>> /usr/lib/libpcreposix.so.0.0.0
>> /usr/lib/libpcrecpp.so.0.0.0
>> /usr/lib/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0
>> /usr/bin/pcregrep
>> /usr/bin/pcretest
>> /usr/lib64/libpcreposix.so.0 -> libpcreposix.so.0.0.0
>> /usr/lib64/libpcreposix.so.0.0.0
>> /usr/lib64/libpcrecpp.so.0.0.0
>> /usr/lib64/libpcrecpp.so.0 -> libpcrecpp.so.0.0.0
>> /lib64/libpcre.so.0.0.1
>> /lib64/libpcre.so.0 -> libpcre.so.0.0.1
>>
>>
>> -ives
>>
>>
>>
>> On Mon, Oct 22, 2012 at 3:11 PM, Breno Silva <bre...@gm...>wrote:
>>
>>> Hello Ives,
>>>
>>> Can you send me your error.log ? There is a known issue treating PCRE
>>> version 8.02. ModSecurity can alert you for wrong PCRE version when it is
>>> OK.
>>>
>>> yes, use different compiled/linked version between Apache and
>>> ModSecurity may cause segfaults. It is not very common but can happen.
>>>
>>> Thanks
>>>
>>> Breno
>>>
>>> On Mon, Oct 22, 2012 at 2:03 PM, Ives Stoddard <ive...@gm...>wrote:
>>>
>>>> I've been reading a lot of posts about PCRE mismatches, and the recent
>>>> patch to fix this, but it seems like there are cases this may or may not be
>>>> a problem.
>>>>
>>>> At best this is just an annoyance in the log files, but at worst this
>>>> can cause core dumps of apache.
>>>>
>>>> I have both apache and mod_sec set to use the OS pcre & apr libs (both
>>>> from RHEL 5.8), but I still get the mismatch errors. The team that builds
>>>> our internal apache distribution has confirmed they are dynamically linked
>>>> via ld (which shows matching libs).
>>>>
>>>> In this scenario, what would cause the pcre mismatch error?
>>>>
>>>> In what cases can the mismatch prove fatal vs. which cases is it just a
>>>> false alarm? How can I test for the fatal cases?
>>>>
>>>> Many thanks,
>>>>
>>>> Ives
>>>>
>>>>
>>
>