[php-maint] Bug#465081: apache2.2.6/mod-php5.2.4-2+b1 [because of suhosin?] -- segmentation fault [debian testing]

Gabor FUNK FUNK.Gabor at hunetkft.hu
Sun Feb 10 15:07:28 UTC 2008


Package: libapache2-mod
Version:  5.2.4-2+b1
Severity: important

When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1 (mpm-prefork) from testing at about January 29, I started experiencing Apache Segmentation faults very frequently.
Using strace I narrowed down the problem's cause which was .htaccess file containing:
    php_value error_log somelogfile.log
This (relative path) was working on this very same server before the update, by that time the server was running PHP 5.2.3-1+lenny1.
I suspect this is related to the Suhosin patch, though this is just a feeling.

It seems that the updated PHP and the usage of the (previously working) "relative path"+safe mode+not www-data uid generally only creates a
"PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0"
in the log file [note root "/"], however, under heavy stress, UID mixups occur, and eventually some of this ends up in segfaulting the apache child - [which then might
stuck in the memory and taking up heavy CPU resources].

Please note that UID (bold/red) gets screwed up too, under heavy stress [5163 is the "legal" user id for that virtual host and 5152 is a totally different and unrelated one].
[Fri Feb 01 23:10:28 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, [Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5152 is not allowed to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5152 is not allowed to access / owned by uid 0 in Unknown on line 0, 
[Fri Feb 01 23:11:39 2008] [error] [client 91.83.33.155] PHP Warning:  Unknown: SAFE MODE Restriction in effect.  The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, 


Since this is a "production server" with heavy load, I didn't have too much resource to do thorough testing, but I was able to get some strace when segfault occurred:
[Wed Jan 30 11:38:23 2008] [notice] child pid 13940 exit signal Segmentation fault (11)

Strace excerpt from pid 13940:
accept(3, {sa_family=AF_INET, sin_port=htons(30925), sin_addr=inet_addr("212.72.104.203")}, [16]) = 980
semop(1703943, 0xb7cd1cfa, 1) = 0
gettimeofday({1201689547, 25972}, NULL) = 0
fcntl64(980, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(980, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1201689547, 28806}, NULL) = 0
read(980, "GET /components/com_virtuemart/show_image_in_imgtag.php?filename=e5017277e9d2f8df84e0c89fffe67834.jpg&newxsize=100&newys"..., 8000) = 603
gettimeofday({1201689547, 172482}, NULL) = 0
gettimeofday({1201689547, 174219}, NULL)                                                                                      = 0
gettimeofday({1201689547, 176043}, NULL)                                                                             = 0
stat64("/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php", {st_mode=S_IFREG|0640, st_size=3477, ...}) = 0
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=20480, ...})                             = 0
open("/var/www/.htaccess", O_RDONLY|O_LARGEFILE)                                                               = -1 ENOENT (No such file or directory)
open("/var/www/somedomain.hu/.htaccess", O_RDONLY|O_LARGEFILE)                                              = 981
fstat64(981, {st_mode=S_IFREG|0640, st_size=5014, ...})                                                                 = 0
read(981, "#agocsp\nphp_value register_globals OFF\n\nphp_flag display_errors on\n\nphp_value log_errors 1\nphp_value error_log #_php_err"..., 4096) = 4096
read(981, " the operations listed below\n## This attempts to block the most common type of exploit `attempts` to Joomla!\n#\n# Block o"..., 4096) = 918
read(981, "", 4096)                                       = 0
read(981, "", 4096)                                                                                               = 0
close(981)                                                                                                       = 0
open("/var/www/somedomain.hu/components/.htaccess", O_RDONLY|O_LARGEFILE)                                                                                                             = -1 ENOENT (No such file or directory)
open("/var/www/somedomain.hu/components/com_virtuemart/.htaccess", O_RDONLY|O_LARGEFILE)                                                                                                     = -1 ENOENT (No such file or directory)
open("/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php/.htaccess", O_RDONLY|O_LARGEFILE)                                                                                                             = -1 ENOTDIR (Not a directory)
getcwd("/", 4096)                                                                                                    = 2
lstat64("/#_php_error.log", 0xbfe2032c)                                                                                                   = -1 ENOENT (No such file or directory)
stat64("/#_php_error.log", 0xbfe254ac)                                                                                                    = -1 ENOENT (No such file or directory)
stat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...})                                                       = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
chdir("/etc/apache2") = 0
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
kill(13828, SIGSEGV) = 0
sigreturn() = ? (mask now [])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20080210/f6a868cc/attachment.htm 


More information about the pkg-php-maint mailing list