# libphp4.so: cannot make segment writable for relocation

## joeybravo

After upgrading apache 2.0.52 to 2.0.53, and mod_php-4.3.9 to mod_php-4.3.11-r1, I can't start apache with mod_php enabled.

apache2ctl -t gives:

```
Syntax error on line 6 of /usr/lib/apache2/conf/modules.d/70_mod_php.conf:
Cannot load /usr/lib/apache2/modules/libphp4.so into server: /usr/lib/apache2/modules/libphp4.so: cannot make segment writable for relocation: Permission denied
```

The other change I made was an upgrade from hardened 2.6.10 to the hardened-dev-sources-2.6.11-r1 kernel.

But I don't think the kernel is the problem, since I rebooted to the old kernel 2.6.10 and it's still giving out the same error. :Sad:

/etc/conf.d/apache2:

```
APACHE2_OPTS="-D DAV -D DAV_FS -D AUTH_LDAP -D PHP4"

# Extended options for advanced uses of Apache ONLY
# You don't need to edit these unless you are doing crazy Apache stuff
# As not having them set correctly, or feeding in an incorrect configuration
# via them will result in Apache failing to start
# YOU HAVE BEEN WARNED.

# ServerRoot setting
SERVERROOT=/usr/lib/apache2

# MPM to use
# to get available MPMs:
#  for i in `ls /usr/sbin/apache2.*`; do echo `basename ${i/apache2./}`;done
MPM=prefork

# Configuration file location
# - If this does NOT start with a '/', then it is treated relative to
# $SERVERROOT by Apache
CONFIGFILE=conf/httpd.conf

# Location to log startup errors to
# They are normally dumped to your terminal.
STARTUPERRORLOG="/var/log/apache2/startuperror.log"
```

/usr/lib/apache2/conf/modules.d/70_mod_php.conf:

```
# vim: ft=apache sw=4 ts=4
<IfDefine PHP4>
        # Load the module first
        <IfModule !sapi_apache2.c>
               LoadModule php4_module    modules/libphp4.so
        </IfModule>

        # Set it to handle the files
        <IfModule mod_mime.c>
                AddType application/x-httpd-php .php
                AddType application/x-httpd-php .phtml
                AddType application/x-httpd-php .php3
                AddType application/x-httpd-php .php4
                AddType application/x-httpd-php-source .phps
        </IfModule>
.....
```

emerge info:

```
backup modules.d # emerge info
Portage 2.0.51.19 (hardened/x86, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.10-hardened2005-01-24-a i686)
=================================================================
System uname: 2.6.10-hardened2005-01-24-a i686 Pentium II (Deschutes)
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.4 [2.3.4 (#1, Dec 13 2004, 14:35:09)]
distcc 2.13 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.3.4
sys-devel/autoconf:  2.59-r5
sys-devel/automake:  1.8.5-r1
sys-devel/binutils:  2.14.90.0.8-r1
sys-devel/libtool:   1.5.2-r5
virtual/os-headers:  2.4.21-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -mcpu=i686 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=i686 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox"
GENTOO_MIRRORS="http://ftp.gentoo.or.kr/ http://mirror.averse.net/pub/gentoo/ http://mirror.averse.net/pub/gentoo/ http://gentoo.gg3.net/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://192.168.100.19/gentoo-portage"
USE="apache2 berkdb crypt dlloader gd hardened hardenedphp imap ldap libwww maildir mysql ncurses nls no-htdocs opengl pam pdflib perl pic pie png python readline samba ssl tcpd tiff userlocales x86 xml2 zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
```

Any hints?

----------

## tukachinchila

A few things jump out at me here. 

 *Quote:*   

> apache2ctl -t gives

 

You should use 

```
/etc/init.d/apache2 start
```

 instead.

 *Quote:*   

> Syntax error on line 6 of /usr/lib/apache2/conf/modules.d/70_mod_php.conf

 

With apache-2.0.53, the configuration files have been moved. So 

```
/usr/lib/apache2/conf/modules.d/70_mod_php.conf
```

 should now be located in 

```
/usr/lib/apache2/modules.d/70_mod_php.conf
```

 Running 

```
/etc/init.d/apache2 start
```

 should help you here (you may get different errors about your old configuration files being found in the old locations). Just move the whole '/etc/apache2/conf' directory to a safe location, then restart apache using the init script.

 *Quote:*   

> cannot make segment writable for relocation: Permission denied 

 

Whenever I can't write (as root), the first thing I check is how my partitions are mounted:

```
mount -l
```

 If /usr is mounted "ro" that could be the problem. Do:

```
mount -wo remount /usr
```

----------

## joeybravo

Thanks for the reply. 

 *Quote:*   

> You should use
>
> ...

 

I'm not trying to run httpd when I used this line:

```
apache2ctl -t
```

It runs a syntax check for config files.

I have also read this:

http://dev.gentoo.org/~vericgar/doc/apache-package-refresh.html#changes

which documents new configuration layout.

My /usr/lib/apache2 contains:

```
backup apache2 # ls /usr/lib/apache2/ -l
total 2
drwxr-xr-x  2 root root  344 Apr 12 17:18 build
lrwxrwxrwx  1 root root   12 Apr 12 17:17 conf -> /etc/apache2
lrwxrwxrwx  1 root root   29 Dec 17 14:50 extramodules -> /usr/lib/apache2-extramodules
lrwxrwxrwx  1 root root    8 Apr 12 17:17 lib -> /usr/lib
lrwxrwxrwx  1 root root   16 Apr 12 17:17 logs -> /var/log/apache2
drwxr-xr-x  2 root root 1880 Apr 18 21:34 modules
```

 *Quote:*   

> Whenever I can't write (as root), the first thing I check is how my partitions are mounted:

 

I only have 3 partitions [ / (root)  /boot  /var ]; each one is being mounted as rw.

I have done a rebuild of net-libs/libwww, also did revdep-rebuild, and recompiled mod_php-4.3.11-r1 several times (USE="-hardenedphp, -memlimit" etc. etc.), but it is still giving me the same error. :Sad:

```
backup apache2 # tail /var/log/apache2/startuperror.log
Cannot load /usr/lib/apache2/modules/libphp4.so into server: /usr/lib/apache2/modules/libphp4.so: cannot make segment writable for relocation: Permission denied
Syntax OK
```

Apparently the configuration syntax is OK.

Currently rebuilding apache...

I'm suspecting it's the hardened-dev-sources/GRSEC/PAX that's causing this, so just to see I tried paxctl'ing /usr/lib/apache2/modules/libphp4.so, /usr/bin/php and even /usr/sbin/apache2; still no luck.

Any hints?

----------

## tukachinchila

I've had PaX cause some problems on my system (usually kernel panics), but it's a possibility. I've never had grsecurity cause any problems though. You said you've tried disabling PaX on a per file basis. You might try disabling it completely in the kernel to verify it's causing the error.

Actually, it looks like it probably is PaX. I just found this: http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml?style=printable#paxnoelf

When you ran paxctl, did you use the "-m" flag?

----------

## joeybravo

Re-emerge of apache has completed and still no luck. :Sad:

 *Quote:*   

> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml?style=printable#paxnoelf 

 

Yup, I've done that paxctl thing.

I have been running hardened-dev-sources ever since, that's why I'm familiar with that document.

And it's just the first time that I'm having a problem with mod_php. I've spent almost a week googling and searching this forum but I haven't found anything like my problem.

I'm recompiling the kernel now without grsec/pax, will report tomorrow if it fixes this problem.

Thanks again..

----------

## mxc

This grsec and pax is giving me headaches as well. Did you come right after disabling them?

----------

## j-m

This has nothing to do w/ apache configs, php contains textrels (see Bug 92776 but this is an upstream issue), so enabling

```
CONFIG_PAX_NOELFRELOCS=y
```

in kernel is a bad idea in this case...    :Idea: 

----------

