[php-maint] apache2.2.6/mod-php5.2.4-2+b1 [because of suhosin?] -- segmentation fault [debian testing]

Sat Feb 9 19:20:43 UTC 2008

hi gabor,

i suggest you include all this data in a bug report to the libapache2-mod-php5 
package, severity Important.  could you try building a version without 
suhosin to confirm it's a problem with suhosin and not php itself?   to 
disable suhosin you should just need to remove one line from the 
file ./debian/patches/series in the source package (it should say something 
like suhosin.patch)

i'm forwarding the mail you sent me below to the pkg-php team to see if any 
one else has observed this phenomenon.

	sean

On Saturday 09 February 2008 06:20:15 pm you wrote:
> I'm not sure where to report this, so I try to provide you some data on
> this. When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1 (mpm-prefork) from
> testing at about January 29, I started experiencing Apache Segmentation
> faults very frequently. Using strace I narrowed down the problem's cause
> which was .htaccess file containing: php_value error_log somelogfile.log
> Please note that this (relative path) was working on this very same server
> before the update, by that time the server was running PHP 5.2.3-1+lenny1.
> I suspect this is related to the Suhosin patch, though this is just a
> feeling.
>
> It seems that the updated PHP and the usage of the (previously working)
> "relative path"+safe mode+not www-data uid generally only creates a "PHP
> Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid
> is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0" in
> the log file [note root "/"], however, under heavy stress, UID mixups
> occur, and eventually some of this ends up in segfaulting the apache child
> - [which then might stuck in the memory and taking up heavy CPU resources].
>
> Please note that UID (bold/red) gets screwed up too, under heavy stress
> [5163 is user http-alapitvany.hu, 5152 is a totally different and unrelated
> user id]. [Fri Feb 01 23:10:28 2008] [error] [client 91.83.33.155] PHP
> Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid
> is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0 [Fri
> Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown:
> SAFE MODE Restriction in effect.  The script whose uid is 5163 is not
> allowed to access / owned by uid 0 in Unknown on line 0, referer:
> http://www.http-alapitvany.hu/cna/ [Fri Feb 01 23:10:29 2008] [error]
> [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in
> effect.  The script whose uid is 5163 is not allowed to access / owned by
> uid 0 in Unknown on line 0, referer: http://www.http-alapitvany.hu/cna/
> [Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: 
> Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is
> not allowed to access / owned by uid 0 in Unknown on line 0, referer:
> http://www.http-alapitvany.hu/cna/ [Fri Feb 01 23:10:30 2008] [error]
> [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in
> effect.  The script whose uid is 5152 is not allowed to access / owned by
> uid 0 in Unknown on line 0, referer: http://www.http-alapitvany.hu/cna/
> [Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: 
> Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is
> not allowed to access / owned by uid 0 in Unknown on line 0, referer:
> http://www.http-alapitvany.hu/cna/ [Fri Feb 01 23:10:30 2008] [error]
> [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in
> effect.  The script whose uid is 5163 is not allowed to access / owned by
> uid 0 in Unknown on line 0, referer: http://www.http-alapitvany.hu/cna/
> [Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: 
> Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5152 is
> not allowed to access / owned by uid 0 in Unknown on line 0, referer:
> http://www.http-alapitvany.hu/cna/ [Fri Feb 01 23:11:39 2008] [error]
> [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in
> effect.  The script whose uid is 5163 is not allowed to access / owned by
> uid 0 in Unknown on line 0, referer: http://www.http-alapitvany.hu/cna/
>
>
> Since this is a "production server" with heavy load, I didn't have too much
> resource to do thorough testing, but I was able to get some strace when
> segfault occurred: [Wed Jan 30 11:31:08 2008] [notice] child pid 26570 exit
> signal Segmentation fault (11) [Wed Jan 30 11:32:23 2008] [notice] child
> pid 26622 exit signal Segmentation fault (11) [Wed Jan 30 11:32:24 2008]
> [notice] child pid 26569 exit signal Segmentation fault (11) [Wed Jan 30
> 11:34:38 2008] [notice] child pid 4538 exit signal Segmentation fault (11)
> [Wed Jan 30 11:36:42 2008] [notice] child pid 4539 exit signal Segmentation
> fault (11)
>
> [Wed Jan 30 11:38:23 2008] [notice] child pid 13940 exit signal
> Segmentation fault (11) [strace attached - 89K]
>
> [Wed Jan 30 11:39:07 2008] [notice] child pid 13828 exit signal
> Segmentation fault (11) [strace available if needed - 700K]
>
> [Wed Jan 30 11:40:13 2008] [notice] child pid 13858 exit signal
> Segmentation fault (11) [Wed Jan 30 11:43:16 2008] [notice] child pid 13867
> exit signal Segmentation fault (11) [Wed Jan 30 11:43:19 2008] [notice]
> child pid 15516 exit signal Segmentation fault (11) [Wed Jan 30 11:52:25
> 2008] [notice] child pid 7406 exit signal Segmentation fault (11) [Thu Jan
> 31 10:23:59 2008] [notice] child pid 21066 exit signal Segmentation fault
> (11) [Thu Jan 31 21:41:07 2008] [notice] child pid 26627 exit signal
> Segmentation fault (11) [Fri Feb 01 23:10:29 2008] [notice] child pid 11888
> exit signal Segmentation fault (11)
>
>
> Strace excerpt from pid 13940:
> accept(3, {sa_family=AF_INET, sin_port=htons(30925),
> sin_addr=inet_addr("212.72.104.203")}, [16]) = 980 semop(1703943,
> 0xb7cd1cfa, 1) = 0
> gettimeofday({1201689547, 25972}, NULL) = 0
> fcntl64(980, F_GETFL) = 0x2 (flags O_RDWR)
> fcntl64(980, F_SETFL, O_RDWR|O_NONBLOCK) = 0
> gettimeofday({1201689547, 28806}, NULL) = 0
> read(980, "GET
> /components/com_virtuemart/show_image_in_imgtag.php?filename=e5017277e9d2f8
>df84e0c89fffe67834.jpg&newxsize=100&newys"..., 8000) = 603
> gettimeofday({1201689547, 172482}, NULL) = 0
> gettimeofday({1201689547, 174219}, NULL)                                   
>                                                   = 0
> gettimeofday({1201689547, 176043}, NULL)                                   
>                                          = 0
> stat64("/var/www/mekka.hu/components/com_virtuemart/show_image_in_imgtag.ph
>p", {st_mode=S_IFREG|0640, st_size=3477, ...}) = 0 lstat64("/var",
> {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=20480, ...})            
>                 = 0 open("/var/www/.htaccess", O_RDONLY|O_LARGEFILE)       
>                                                        = -1 ENOENT (No such
> file or directory) open("/var/www/mekka.hu/.htaccess",
> O_RDONLY|O_LARGEFILE)                                              = 981
> fstat64(981, {st_mode=S_IFREG|0640, st_size=5014, ...})                    
>                                             = 0 read(981,
> "#agocsp\nphp_value register_globals OFF\n\nphp_flag display_errors
> on\n\nphp_value log_errors 1\nphp_value error_log #_php_err"..., 4096) =
> 4096 read(981, " the operations listed below\n## This attempts to block the
> most common type of exploit `attempts` to Joomla!\n#\n# Block o"..., 4096)
> = 918 read(981, "", 4096)                                       = 0
> read(981, "", 4096)                                                        
>                                       = 0 close(981)                       
>                                                                            
>    = 0 open("/var/www/mekka.hu/components/.htaccess", O_RDONLY|O_LARGEFILE)
>                                                                            
>                                 = -1 ENOENT (No such file or directory)
> open("/var/www/mekka.hu/components/com_virtuemart/.htaccess",
> O_RDONLY|O_LARGEFILE)                                                      
>                                               = -1 ENOENT (No such file or
> directory)
> open("/var/www/mekka.hu/components/com_virtuemart/show_image_in_imgtag.php/
>.htaccess", O_RDONLY|O_LARGEFILE)                                           
>                                                                  = -1
> ENOTDIR (Not a directory) getcwd("/", 4096)                                
>                                                                    = 2
> lstat64("/#_php_error.log", 0xbfe2032c)                                    
>                                                               = -1 ENOENT
> (No such file or directory) stat64("/#_php_error.log", 0xbfe254ac)         
>                                                                            
>               = -1 ENOENT (No such file or directory) stat64("/",
> {st_mode=S_IFDIR|0755, st_size=4096, ...})                                 
>                      = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> chdir("/etc/apache2") = 0
> rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
> kill(13828, SIGSEGV) = 0
> sigreturn() = ? (mask now [])
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
>
>
> Please let me know if I can help you with more information on this issue.
>
> Regards,
> Gabor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20080209/8e0e3148/attachment.pgp 