Package: libapache2-mod
Version: 5.2.4-2+b1
Severity: important
When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1 (mpm-prefork) from testing
at about January 29, I started experiencing Apache Segmentation faults very
frequently.
Using strace I narrowed down the problem's cause which was .htaccess file
containing:
php_value error_log somelogfile.log
This (relative path) was working on this very same server before the update, by
that time the server was running PHP 5.2.3-1+lenny1.
I suspect this is related to the Suhosin patch, though this is just a feeling.
It seems that the updated PHP and the usage of the (previously working)
"relative path"+safe mode+not www-data uid generally only creates a
"PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid
is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0"
in the log file [note root "/"], however, under heavy stress, UID mixups occur,
and eventually some of this ends up in segfaulting the apache child - [which
then might
stuck in the memory and taking up heavy CPU resources].
Please note that UID (bold/red) gets screwed up too, under heavy stress [5163
is the "legal" user id for that virtual host and 5152 is a totally different
and unrelated one].
[Fri Feb 01 23:10:28 2008] [error] [client 91.83.33.155] PHP Warning: Unknown:
SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed
to access / owned by uid 0 in Unknown on line 0
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: Unknown:
SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed
to access / owned by uid 0 in Unknown on line 0, [Fri Feb 01 23:10:29 2008]
[error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in
effect. The script whose uid is 5163 is not allowed to access / owned by uid 0
in Unknown on line 0,
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: Unknown:
SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed
to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown:
SAFE MODE Restriction in effect. The script whose uid is 5152 is not allowed
to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown:
SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed
to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown:
SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed
to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown:
SAFE MODE Restriction in effect. The script whose uid is 5152 is not allowed
to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:11:39 2008] [error] [client 91.83.33.155] PHP Warning: Unknown:
SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed
to access / owned by uid 0 in Unknown on line 0,
Since this is a "production server" with heavy load, I didn't have too much
resource to do thorough testing, but I was able to get some strace when
segfault occurred:
[Wed Jan 30 11:38:23 2008] [notice] child pid 13940 exit signal Segmentation
fault (11)
Strace excerpt from pid 13940:
accept(3, {sa_family=AF_INET, sin_port=htons(30925),
sin_addr=inet_addr("212.72.104.203")}, [16]) = 980
semop(1703943, 0xb7cd1cfa, 1) = 0
gettimeofday({1201689547, 25972}, NULL) = 0
fcntl64(980, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(980, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1201689547, 28806}, NULL) = 0
read(980, "GET
/components/com_virtuemart/show_image_in_imgtag.php?filename=e5017277e9d2f8df84e0c89fffe67834.jpg&newxsize=100&newys"...,
8000) = 603
gettimeofday({1201689547, 172482}, NULL) = 0
gettimeofday({1201689547, 174219}, NULL)
= 0
gettimeofday({1201689547, 176043}, NULL)
= 0
stat64("/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php",
{st_mode=S_IFREG|0640, st_size=3477, ...}) = 0
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=20480, ...})
= 0
open("/var/www/.htaccess", O_RDONLY|O_LARGEFILE)
= -1 ENOENT (No such file or directory)
open("/var/www/somedomain.hu/.htaccess", O_RDONLY|O_LARGEFILE)
= 981
fstat64(981, {st_mode=S_IFREG|0640, st_size=5014, ...})
= 0
read(981, "#agocsp\nphp_value register_globals OFF\n\nphp_flag display_errors
on\n\nphp_value log_errors 1\nphp_value error_log #_php_err"..., 4096) = 4096
read(981, " the operations listed below\n## This attempts to block the most
common type of exploit `attempts` to Joomla!\n#\n# Block o"..., 4096) = 918
read(981, "", 4096) = 0
read(981, "", 4096)
= 0
close(981)
= 0
open("/var/www/somedomain.hu/components/.htaccess", O_RDONLY|O_LARGEFILE)
= -1 ENOENT (No such file or directory)
open("/var/www/somedomain.hu/components/com_virtuemart/.htaccess",
O_RDONLY|O_LARGEFILE)
= -1 ENOENT (No such file or
directory)
open("/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php/.htaccess",
O_RDONLY|O_LARGEFILE)
= -1 ENOTDIR (Not a
directory)
getcwd("/", 4096)
= 2
lstat64("/#_php_error.log", 0xbfe2032c)
= -1 ENOENT (No such
file or directory)
stat64("/#_php_error.log", 0xbfe254ac)
= -1 ENOENT (No such
file or directory)
stat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...})
= 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
chdir("/etc/apache2") = 0
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
kill(13828, SIGSEGV) = 0
sigreturn() = ? (mask now [])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---