Debian Bug report logs -
#465081
apache2.2.6/mod-php5.2.4-2+b1 [because of suhosin?] -- segmentation fault [debian testing]
Reported by: "Gabor FUNK" <FUNK.Gabor@hunetkft.hu>
Date: Sun, 10 Feb 2008 15:21:01 UTC
Severity: important
Fixed in versions php5/5.2.6.dfsg.1-1+lenny9, 5.3.3-7
Done: Ondřej Surý <ondrej@sury.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#465081; Package libapache2-mod.
(full text, mbox, link).
Acknowledgement sent to "Gabor FUNK" <FUNK.Gabor@hunetkft.hu>:
New Bug report received and forwarded. Copy sent to unknown-package@qa.debian.org.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libapache2-mod
Version: 5.2.4-2+b1
Severity: important
When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1 (mpm-prefork) from testing at about January 29, I started experiencing Apache Segmentation faults very frequently.
Using strace I narrowed down the problem's cause which was .htaccess file containing:
php_value error_log somelogfile.log
This (relative path) was working on this very same server before the update, by that time the server was running PHP 5.2.3-1+lenny1.
I suspect this is related to the Suhosin patch, though this is just a feeling.
It seems that the updated PHP and the usage of the (previously working) "relative path"+safe mode+not www-data uid generally only creates a
"PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0"
in the log file [note root "/"], however, under heavy stress, UID mixups occur, and eventually some of this ends up in segfaulting the apache child - [which then might
stuck in the memory and taking up heavy CPU resources].
Please note that UID (bold/red) gets screwed up too, under heavy stress [5163 is the "legal" user id for that virtual host and 5152 is a totally different and unrelated one].
[Fri Feb 01 23:10:28 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, [Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5152 is not allowed to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5152 is not allowed to access / owned by uid 0 in Unknown on line 0,
[Fri Feb 01 23:11:39 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0,
Since this is a "production server" with heavy load, I didn't have too much resource to do thorough testing, but I was able to get some strace when segfault occurred:
[Wed Jan 30 11:38:23 2008] [notice] child pid 13940 exit signal Segmentation fault (11)
Strace excerpt from pid 13940:
accept(3, {sa_family=AF_INET, sin_port=htons(30925), sin_addr=inet_addr("212.72.104.203")}, [16]) = 980
semop(1703943, 0xb7cd1cfa, 1) = 0
gettimeofday({1201689547, 25972}, NULL) = 0
fcntl64(980, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(980, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1201689547, 28806}, NULL) = 0
read(980, "GET /components/com_virtuemart/show_image_in_imgtag.php?filename=e5017277e9d2f8df84e0c89fffe67834.jpg&newxsize=100&newys"..., 8000) = 603
gettimeofday({1201689547, 172482}, NULL) = 0
gettimeofday({1201689547, 174219}, NULL) = 0
gettimeofday({1201689547, 176043}, NULL) = 0
stat64("/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php", {st_mode=S_IFREG|0640, st_size=3477, ...}) = 0
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0
open("/var/www/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/var/www/somedomain.hu/.htaccess", O_RDONLY|O_LARGEFILE) = 981
fstat64(981, {st_mode=S_IFREG|0640, st_size=5014, ...}) = 0
read(981, "#agocsp\nphp_value register_globals OFF\n\nphp_flag display_errors on\n\nphp_value log_errors 1\nphp_value error_log #_php_err"..., 4096) = 4096
read(981, " the operations listed below\n## This attempts to block the most common type of exploit `attempts` to Joomla!\n#\n# Block o"..., 4096) = 918
read(981, "", 4096) = 0
read(981, "", 4096) = 0
close(981) = 0
open("/var/www/somedomain.hu/components/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/var/www/somedomain.hu/components/com_virtuemart/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOTDIR (Not a directory)
getcwd("/", 4096) = 2
lstat64("/#_php_error.log", 0xbfe2032c) = -1 ENOENT (No such file or directory)
stat64("/#_php_error.log", 0xbfe254ac) = -1 ENOENT (No such file or directory)
stat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
chdir("/etc/apache2") = 0
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
kill(13828, SIGSEGV) = 0
sigreturn() = ? (mask now [])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
[Message part 2 (text/html, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#465081; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #12 received at 465081@bugs.debian.org (full text, mbox, reply):
On Sun, Feb 10, 2008 at 04:07:28PM +0100, Gabor FUNK wrote:
> Package: libapache2-mod
> Version: 5.2.4-2+b1
> Severity: important
> When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1 (mpm-prefork) from
> testing at about January 29, I started experiencing Apache Segmentation
> faults very frequently.
This is no longer the current version of php5 in testing or unstable. Can
you please upgrade to libapache2-mod-php5 to verify whether the problem
still exists in this later version?
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#465081; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to "Gabor FUNK" <FUNK.Gabor@hunetkft.hu>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #17 received at 465081@bugs.debian.org (full text, mbox, reply):
> On Sun, Feb 10, 2008 at 04:07:28PM +0100, Gabor FUNK wrote:
>> Package: libapache2-mod
>> Version: 5.2.4-2+b1
>> Severity: important
>
>> When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1 (mpm-prefork) from
>> testing at about January 29, I started experiencing Apache Segmentation
>> faults very frequently.
>
> This is no longer the current version of php5 in testing or unstable. Can
> you please upgrade to libapache2-mod-php5 to verify whether the problem
> still exists in this later version?
I updated my test server, and the "relative path to '/' (root dir) change"
problem exist with the current version too.
(Apache/2.2.8 (Debian) PHP/5.2.5-2 with Suhosin-Patch mod_ssl/2.2.8
OpenSSL/0.9.8g)
[Mon Feb 11 10:30:18 2008] [error] [client 192.168.15.77] PHP Warning:
Unknown: SAFE MODE Restriction in effect. The script whose uid is 33 is not
allowed to access / owned by uid 0 in Unknown on line 0
As for the UID mixup and the eventual segfault, I need to do the test on the
production
server [need the stress], but whatever will be the result, the path change
itself is a "bug"
and seem to be the cause of the UID mixup (heap corruption?) and the
segfault.
Gabor
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#465081; Package libapache2-mod-php5.
(Thu, 17 Mar 2011 11:09:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Thu, 17 Mar 2011 11:09:06 GMT) (full text, mbox, link).
Message #22 received at 465081@bugs.debian.org (full text, mbox, reply):
fixed 465081 5.2.6.dfsg.1-1+lenny9
thank you
I think we can safely assume that this bug went away in lenny (which
is a old stable now). If it is still present in current stable
(5.3.3-7) feel free to reopen the bug.
Ondrej
--
Ondřej Surý <ondrej@sury.org>
Bug Marked as fixed in versions php5/5.2.6.dfsg.1-1+lenny9.
Request was from Ondřej Surý <ondrej@sury.org>
to control@bugs.debian.org.
(Thu, 17 Mar 2011 11:09:10 GMT) (full text, mbox, link).
Reply sent
to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility.
(Wed, 27 Apr 2011 08:33:24 GMT) (full text, mbox, link).
Notification sent
to "Gabor FUNK" <FUNK.Gabor@hunetkft.hu>:
Bug acknowledged by developer.
(Wed, 27 Apr 2011 08:33:25 GMT) (full text, mbox, link).
Message #29 received at 465081-done@bugs.debian.org (full text, mbox, reply):
Version: 5.3.3-7
Hi,
since lenny is oldstable it will not get any updates now (except
security)[1], I am closing all segfault bugs filled against php5 in
lenny. (This is kind of saying that we don't care much about php5 in
lenny anymore).
If you believe the bug is still there, please provide evidence[2] and
a (preferably complete) test case with up-to-date squeeze (and/or
testing or unstable) version of php5 and reopen the bug.
O.
1. http://wiki.debian.org/PHP#Notes_on_PHP_and_security
2. Install php5-dbg and provide backtrace:
http://bugs.php.net/bugs-generating-backtrace.php
--
Ondřej Surý <ondrej@sury.org>
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 26 May 2011 07:40:45 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 00:43:40 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.