From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-3188-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1PbZSh-0004IW-WB
	for garchives@archives.gentoo.org; Sat, 08 Jan 2011 14:08:08 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 9CA9DE064A
	for <garchives@archives.gentoo.org>; Sat,  8 Jan 2011 14:08:07 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id B326DE06EE
	for <gentoo-hardened@lists.gentoo.org>; Sat,  8 Jan 2011 13:12:51 +0000 (UTC)
Received: from [192.168.3.7] (cpe-74-77-194-18.buffalo.res.rr.com [74.77.194.18])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: blueness)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 0519E1B40FE
	for <gentoo-hardened@lists.gentoo.org>; Sat,  8 Jan 2011 13:12:50 +0000 (UTC)
Message-ID: <4D2862D0.9050407@gentoo.org>
Date: Sat, 08 Jan 2011 08:12:48 -0500
From: "Anthony G. Basile" <blueness@gentoo.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101212 Lightning/1.0b3pre Lanikai/3.1.7
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] UDEREF vs. Apache MMAP
References: <4D27EEA5.6080301@orlitzky.com>
In-Reply-To: <4D27EEA5.6080301@orlitzky.com>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: f2919aed-b3cd-4b0b-a7e9-ee1d4e637412
X-Archives-Hash: d40f47a24ca821e9423063ae18fc7205

On 01/07/2011 11:57 PM, Michael Orlitzky wrote:
> I was able to figure out my new apache problem. It seems that
> PAX_MEMORY_UDEREF and apache's EnableMMAP directive don't get along
> sometimes:
> 
>   http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
> 
> With UDEREF enabled and MMAP on, I get random inappropriate 206 response
> codes everywhere causing headers, images, and CSS files to fail to
> transfer properly.
> 
> This is sufficiently into the realm of what I consider voodoo. Is there
> anything I can do to help narrow down the problem, or should I just
> disable MMAP and be happy?

It sounds like a problem in the way apache is doing the mmap and PaX is
killing it.  The new stricter PaX rules don't allow the permission of
allocated pages to be changed, eg RW -> RX, or to be RWX.  This has come
up elsewhere, see

   http://bugs.gentoo.org/show_bug.cgi?id=329499

To verify my suspicion, an strace would be helpful.  If you don't mind,
open up a bug with your findings, give your emerge --info, the flags you
used with apache, and an strace of apache going bad.  This will be a
start for us.

-- 
Anthony G. Basile, Ph.D.
Gentoo Developer