<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-2">
<META content="MSHTML 6.00.6000.16587" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Package: libapache2-mod<BR>Version:
5.2.4-2+b1</FONT></DIV>
<DIV><FONT face=Arial size=2>Severity: important<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>When I migrated to Apache 2.2.6-3 + PHP 5.2.4-2+b1
(mpm-prefork) from testing on about January 29, I started experiencing
Apache segmentation faults very frequently.</FONT></DIV>
<DIV>
<DIV><FONT face=Arial size=2>Using strace, I narrowed down the cause of the
problem, which was an .htaccess file containing:</FONT></DIV>
<DIV><FONT face=Arial size=2> php_value error_log
somelogfile.log</FONT></DIV>
<DIV><FONT face=Arial size=2>This (relative path) was working on this very same
server before the update; at that time the server was running PHP
5.2.3-1+lenny1.</FONT></DIV>
<DIV><FONT face=Arial size=2>I suspect this is related to the Suhosin
patch, though this is just a feeling.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>It seems that the updated PHP and the usage of
the (previously working) "relative path"+safe mode+not www-data uid
generally only create a</FONT></DIV>
<DIV><FONT face=Arial size=2>"</FONT><FONT face=Arial size=2>PHP Warning:
Unknown: SAFE MODE Restriction </FONT><FONT face=Arial size=2>in effect.
The script whose uid is 5163 is not allowed to access <STRONG><FONT
color=#ff0000 size=3>/</FONT></STRONG> owned by uid 0 in Unknown on line
0"</FONT></DIV>
<DIV><FONT face=Arial size=2>in the log file [note root "<STRONG><FONT
color=#ff0000 size=3>/</FONT></STRONG>"]; however, under heavy stress, UID
mixups occur, and eventually some of this ends up segfaulting the Apache
child [which then might get stuck in memory, taking up heavy CPU
resources].</FONT><BR></DIV>
<DIV><FONT face=Arial size=2><U>Please note that the UID (bold/red) gets
screwed up too under heavy stress [5163 is the "legal" user id for that virtual
host and 5152 is a totally different and unrelated one].</U></FONT></DIV>
<DIV><FONT face=Arial size=2>[Fri Feb 01 23:10:28 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0<BR>
[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, </FONT>
<FONT face=Arial size=2>[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, </FONT><BR>
<FONT face=Arial size=2>[Fri Feb 01 23:10:29 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is<STRONG><FONT color=#ff0000> 5163 </FONT></STRONG>is not allowed to access / owned by uid 0 in Unknown on line 0, </FONT><BR>
<FONT face=Arial size=2>[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is<STRONG> <FONT color=#ff0000>5152</FONT></STRONG><FONT color=#ff0000> </FONT>is not allowed to access / owned by uid 0 in Unknown on line 0, </FONT><BR>
<FONT face=Arial size=2>[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, </FONT><BR>
<FONT face=Arial size=2>[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, </FONT><BR>
<FONT face=Arial size=2>[Fri Feb 01 23:10:30 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5152 is not allowed to access / owned by uid 0 in Unknown on line 0, </FONT><BR>
<FONT face=Arial size=2>[Fri Feb 01 23:11:39 2008] [error] [client 91.83.33.155] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0, </FONT></DIV>
<DIV><BR><FONT face=Arial size=2><U>Since this is a "production server" with
heavy load, I didn't have many resources for thorough testing, but I was
able to get some strace output when the segfault occurred:</U></FONT></DIV>
<DIV>
<DIV><FONT face=Arial size=2>[Wed Jan 30 11:38:23 2008] [notice] child pid
<STRONG>13940</STRONG> exit signal Segmentation fault (11)<BR></FONT></DIV>
<DIV><FONT face=Arial size=2><U>Strace excerpt from pid
<STRONG>13940</STRONG>:</U></FONT></DIV>
<DIV><FONT face=Arial size=2>accept(3, {sa_family=AF_INET, sin_port=htons(30925), sin_addr=inet_addr("212.72.104.203")}, [16]) = 980<BR>
semop(1703943, 0xb7cd1cfa, 1) = 0<BR>
gettimeofday({1201689547, 25972}, NULL) = 0<BR>
fcntl64(980, F_GETFL) = 0x2 (flags O_RDWR)<BR>
fcntl64(980, F_SETFL, O_RDWR|O_NONBLOCK) = 0<BR>
gettimeofday({1201689547, 28806}, NULL) = 0<BR>
read(980, "GET /components/com_virtuemart/show_image_in_imgtag.php?filename=e5017277e9d2f8df84e0c89fffe67834.jpg&newxsize=100&newys"..., 8000) = 603<BR>
gettimeofday({1201689547, 172482}, NULL) = 0<BR>
gettimeofday({1201689547, 174219}, NULL) = 0<BR>
gettimeofday({1201689547, 176043}, NULL) = 0<BR>
stat64("/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php", {st_mode=S_IFREG|0640, st_size=3477, ...}) = 0<BR>
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0<BR>
lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0<BR>
open("/var/www/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)<BR>
open("/var/www/somedomain.hu/<STRONG>.htaccess</STRONG>", O_RDONLY|O_LARGEFILE) = 981<BR>
fstat64(981, {st_mode=S_IFREG|0640, st_size=5014, ...}) = 0<BR>
read(981, "#agocsp\nphp_value register_globals OFF\n\nphp_flag display_errors on\n\nphp_value log_errors 1\n<STRONG>php_value error_log #_php_err</STRONG>"..., 4096) = 4096<BR>
read(981, " the operations listed below\n## This attempts to block the most common type of exploit `attempts` to Joomla!\n#\n# Block o"..., 4096) = 918<BR>
read(981, "", 4096) = 0<BR>
read(981, "", 4096) = 0<BR>
close(981) = 0<BR>
open("/var/www/somedomain.hu/components/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)<BR>
open("/var/www/somedomain.hu/components/com_virtuemart/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)<BR>
open("/var/www/somedomain.hu/components/com_virtuemart/show_image_in_imgtag.php/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOTDIR (Not a directory)<BR>
getcwd("/", 4096) = 2<BR>
lstat64("<STRONG><FONT color=#ff0000 size=3>/</FONT>#_php_error.log</STRONG>", 0xbfe2032c) = -1 ENOENT (No such file or directory)<BR>
stat64("<STRONG><FONT color=#ff0000 size=3>/</FONT>#_php_error.log</STRONG>", 0xbfe254ac) = -1 ENOENT (No such file or directory)<BR>
stat64("<STRONG><FONT color=#ff0000 size=3>/</FONT></STRONG>", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0<BR>
--- SIGSEGV (<STRONG>Segmentation fault</STRONG>) @ 0 (0) ---<BR>
chdir("/etc/apache2") = 0<BR>
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0<BR>
kill(13828, SIGSEGV) = 0<BR>
sigreturn() = ? (mask now [])<BR>
--- SIGSEGV (<STRONG>Segmentation fault</STRONG>) @ 0 (0) ---<BR></FONT></DIV>
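<DIV><FONT face=Arial size=2>A way to pull the UID inconsistency described in
the log excerpt above out of an Apache error log, as an added example that is
not part of the original report. The function names, the expected_uid parameter
and the sample lines (constructed, with a placeholder client address) are
assumptions.</FONT></DIV>
<PRE>
```python
import re
from collections import Counter

# Matches the PHP safe-mode warning format shown in the report's log excerpt.
SAFE_MODE_RE = re.compile(
    r"^\[([^\]]+)\] \[error\] \[client ([^\]]+)\] PHP Warning:\s+.*?"
    r"SAFE MODE Restriction in effect\.\s+The script whose uid is (\d+) "
    r"is not allowed to access (\S+) owned by uid (\d+)"
)

# Constructed sample lines modeled on the report (client IP is a placeholder).
SAMPLE_LOG = """\
[Fri Feb 01 23:10:29 2008] [error] [client 192.0.2.10] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0
[Fri Feb 01 23:10:30 2008] [error] [client 192.0.2.10] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5152 is not allowed to access / owned by uid 0 in Unknown on line 0
[Fri Feb 01 23:10:30 2008] [error] [client 192.0.2.10] PHP Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 5163 is not allowed to access / owned by uid 0 in Unknown on line 0
[Fri Feb 01 23:10:31 2008] [notice] child pid 13940 exit signal Segmentation fault (11)
"""


def parse_safe_mode_warnings(text):
    """Return one dict per safe-mode warning line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SAFE_MODE_RE.match(line.strip())
        if m:
            ts, client, uid, path, owner = m.groups()
            events.append({"time": ts, "client": client, "script_uid": int(uid),
                           "path": path, "owner_uid": int(owner)})
    return events


def audit(events, expected_uid):
    """Summarise warnings for one virtual host's log.

    expected_uid is the uid the vhost's scripts should run as (assumed known
    to the admin). Any other script uid is reported, as is every denied path.
    """
    unexpected = [e for e in events if e["script_uid"] != expected_uid]
    return {
        "total": len(events),
        "uids_seen": sorted({e["script_uid"] for e in events}),
        "unexpected_uid": unexpected,
        "denied_paths": dict(Counter(e["path"] for e in events)),
    }


if __name__ == "__main__":
    print(audit(parse_safe_mode_warnings(SAMPLE_LOG), expected_uid=5163))
```
</PRE>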
<DIV><FONT face=Arial size=2> </FONT></DIV></DIV></DIV></BODY></HTML>