Questions[pcre](server)

In ModSecurity there are PCRE limits exceeded errors.

I know I can fix this by setting rules such as:

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

But, what are these rules actually doing? What does the PCRE limit recursion set to 150,000 mean? What security holes am I allowing through by setting these so high? What does the recursion and limit mean?

I know there is documentation, but the documentation doesn't actually tell me what is going on, it simply tells me how to work with the directives.

Just about on every request I am getting the following error:

Rule execution error - PCRE limits exceeded (-8): (null).

After a bunch of googling the only solutions seem to be

a) Add the following in your httpd.conf

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

b) Add the following to your php.ini

pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000

c) Use a version that was compiled with -disable-pcre-match-limit option.

I am running the following:

ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/).

Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8

For ModSec my rules, I am using the OWASP ModSecurity Core Rule Set Project version (CRS) version 2.2.3 which is the newest as of this posting.

My httpd.conf consists of essentially:

<IfModule security2_module>
    SecUploadDir /var/asl/data/suspicious
    SecDataDir /var/asl/data/msa
    SecTmpDir /tmp
    SecAuditLogStorageDir /var/asl/data/audit

    Include modsecurity.d/modsecurity_crs_10_config.conf
    Include modsecurity.d/activated_rules/*.conf

    SecRuleEngine On

    # Debug log
    SecDebugLog /var/log/apache2/modsec_debug.log
    SecDebugLogLevel 3

    # Serial audit log
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus ^5
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/apache2/modsec_audit.log

    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000

</IfModule>


<IfModule mod_php5.c>
    php_admin_flag pcre.backtrack_limit 10000000
    php_admin_flag pcre.recursion_limit 10000000
</IfModule>

Of which inside my modsecurity.d directory is just all the default rules CRS has in their install file. I have also set the pcre limits to 150000000 and 100000000000 and more, but to no available.

So in conclusion:

solutions a and b are not working, and I prefer greatly not to do c...as I don't really understand/like compiling.

Anyone have any other ideas?

This is less a question about PCRE, and more a question about updating shared libraries. The distribution of CentOS I'm running only allows for yum upgrades to version 6.6, or somewhere similar.

I'm installing an issue tracker that requires PCRE version 8.0+. I cannot uninstall the current 6.6 version of PCRE, as nearly everything depends on it, and the system would break.

Thus, I compiled and installed PCRE 8.12 from source, but even though pcretest -C showed the new version, a call to php_info() on my test page indicates that the 6.6 libraries are still being loaded. I found a link to a site suggesting how to swap out the old libraries for the new ones.

In doing so, I think something's not quite right. A few commands are reporting issues:

/usr/bin/php: error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory

What exactly should I do to fix the issue? I'm not very familiar with shared/dynamic libraries. I have the following files:

[root@vps tracker]# find / -name libpcre.so* -exec ls -l '{}' \;
lrwxrwxrwx 2 root root 16 Jul 14 07:53 /lib64/libpcre.so.0 -> libpcre.so.0.0.1
lrwxrwxrwx 1 root root 16 Jul 14 07:53 /usr/local/lib/libpcre.so.0 -> libpcre.so.0.0.1
-rwxr-xr-x 1 root root 116790 Jul 14 07:53 /usr/local/lib/libpcre.so.0.0.1
lrwxrwxrwx 2 root root 16 Jul 14 07:53 /usr/local/lib/libpcre.so -> libpcre.so.0.0.1
lrwxrwxrwx 1 root root 16 Jul 14 07:16 /root/pcre-8.12/.libs/libpcre.so.0 -> libpcre.so.0.0.1
-rwxr-xr-x 1 root root 116790 Jul 14 07:16 /root/pcre-8.12/.libs/libpcre.so.0.0.1
lrwxrwxrwx 1 root root 16 Jul 14 07:16 /root/pcre-8.12/.libs/libpcre.so -> libpcre.so.0.0.1

This is my PHP setup

##################################################################
# setup PHP
##################################################################

# we use this to make inline CSS in newsletter
yum install php php-tidy php-xml php-xmlrpc php-gd -y

# if make is missing
yum install gcc automake autoconf libtool make -y

# configuring php pecl http
yum install zlib-devel curl-devel php-devel php-pear -y

# required by phpMyAdmin
yum install php-mcrypt php-mbstring php-bcmath pcre -y

pecl channel-update pecl.php.net
pecl upgrade

pecl install bbcode
pecl install pecl_http
pecl install apc
pecl install oauth

# add to /etc/php.ini

extension=bbcode.so
extension=http.so
extension=apc.so
extension=oauth.so

apc.shm_size="128MB"

Unfortunately, when I run

pecl install oauth

I get:

[root@server ~]# pecl install oauth
downloading oauth-1.1.0.tgz ...
Starting to download oauth-1.1.0.tgz (44,731 bytes)
............done: 44,731 bytes
6 source files, building
ERROR: could not chdir to /var/tmp/oauth/examples

Well, say I create the directory.

[root@server ~]# mkdir /var/tmp/oauth
[root@server ~]# mkdir /var/tmp/oauth/examples
[root@server ~]# pecl install oauth
downloading oauth-1.1.0.tgz ...
Starting to download oauth-1.1.0.tgz (44,731 bytes)
............done: 44,731 bytes
6 source files, building
running: phpize
Cannot find config.m4.
Make sure that you run '/usr/bin/phpize' in the top level source directory of the module

ERROR: `phpize' failed
[root@server ~]# 

uh. I give up on this one. Been trying to fix it for the last few hours.

More info.

[root@server ~]# phpize -v
Configuring for:
PHP Api Version:         20090626
Zend Module Api No:      20090626
Zend Extension Api No:   220090626

And

[root@server ~]# find / -name "config.m4"
[root@server ~]# 

What can I do? Even "yum" is not available.