If what Gianni says is true, you could change the config to listen to ports
>1024 and then run non-root.
cheers
Kirk
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Gianni Mariani
> Sent: Monday, May 08, 2000 2:14 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Segmentation fault but even httpd -X == no core dump???
>
>
>
> Are you starting apache as root and changing the user ID ?
>
> If so, you will not get a core file from httpd - or any other process for
> that
> matter. It is considered a security weakness to be able to have a user
> examine a core file from program that was once run as root.
>
> I have used a dumb technique that works - I have apache catch all the
> signals (segv etc) and then call kill(SIGSTOP) on itself. With a bit of
> gdb'ing it seems to work.
>
> The only reason for httpd to run as root as far as I can tell is
> so that it
>
> can bind to port 80 and 443 which are priviledged ports. Other solutions
> I thought about was to patch the kernel and specifically allow 80 and 443
> binding by non-priviledged users or to patch apache and use file
> descriptor
>
> passing (either by exec or ipc messages) and have a program that program
> run as root.
>
> Anyhow, it sux.
>
> Philip Payne wrote:
>
> > Hi,
> >
> > Does anyone have any suggestions on what else I can try to get a core
> > dump to track down a segmentation fault????
> >
> > I've tried the various suggestions in the mod_ssl FAQ including:
> > 1) Setting CoreDumpDirectory to /tmp
> > 2) Starting Apache as a non-root user (Apache failed to start because
> > of privilege problems).
> > 3) Running the child servers as root (Apache refused to start for
> > security reasons).
> > 4) Starting Apache in single-process mode using httpd -X .
> > but the segmentation fault fails to produce a core dump.
> >
> > I'm using Apache/1.3.11 (Unix) PyApache/4.19 mod_ssl/2.5.1 OpenSSL/0.9.5
> > on Redhat Linux 6.1.
> >
> > I'm running a single Apache server for both non-SSL and SSL access.
> >
> > It all works perfectly except that child servers die with (e.g.):
> > [notice] child pid 3732 exit signal Segmentation fault (11)
> > under the following conditions which are 100% reproducible:
> > 1) The child server has been used for at least one SSL access.
> > 2) The child server receives a non-SSL CGI POST request ==>
> > segmentation fault.
> > CGI GET requests don't have this problem.
> >
> > OpenSSL was a absolutely standard install.
> >
> > mm was installed using:
> > ./configure --disable-shared
> > make
> >
> > mod_ssl was installed using:
> > ./configure \
> > --with-apache=../apache_1.3.11 \
> > --with-ssl=../openssl-0.9.5 \
> > --with-mm=../mm-1.0.12 \
> > --prefix=/usr/local/apache \
> > --disable-rule=SSL_COMPAT \
> > --enable-rule=SSL_SDBM
> > cd Apache directory
> > make
> > make certificate TYPE=test
> > make install
> >
> > httpd -V gives:
> > Server version: Apache/1.3.11 (Unix)
> > Server built: Mar 31 2000 11:12:41
> > Server's Module Magic Number: 19990320:6
> > Server compiled with....
> > -D EAPI
> > -D EAPI_MM
> > -D EAPI_MM_CORE_PATH="logs/httpd.mm"
> > -D HAVE_MMAP
> > -D HAVE_SHMGET
> > -D USE_SHMGET_SCOREBOARD
> > -D USE_MMAP_FILES
> > -D USE_FCNTL_SERIALIZED_ACCEPT
> > -D HTTPD_ROOT="/usr/local/apache"
> > -D SUEXEC_BIN="/usr/local/apache/bin/suexec"
> > -D DEFAULT_PIDLOG="logs/httpd.pid"
> > -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
> > -D DEFAULT_LOCKFILE="logs/httpd.lock"
> > -D DEFAULT_XFERLOG="logs/access_log"
> > -D DEFAULT_ERRORLOG="logs/error_log"
> > -D TYPES_CONFIG_FILE="conf/mime.types"
> > -D SERVER_CONFIG_FILE="conf/httpd.conf"
> > -D ACCESS_CONFIG_FILE="conf/access.conf"
> > -D RESOURCE_CONFIG_FILE="conf/srm.conf"
> >
> > Thanks and regards,
> > Philip Payne
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
