[Fwd: Suhosin Segmentation Fault]
wolf at k18.ch
Wed Oct 15 13:01:33 PDT 2008
On 15.10.2008 20:55, Jeremy Chadwick wrote:
> On Wed, Oct 15, 2008 at 07:25:08PM +0200, Alain Wolf wrote:
>> Not much return on freebsd-isp.
>> I try again here on freebsd-questions.
>> -------- Original-Nachricht --------
>> Betreff: Suhosin Segmentation Fault
>> Datum: Mon, 13 Oct 2008 09:49:09 +0200
>> Von: Alain Wolf <wolf at k18.ch>
>> An: freebsd-isp at freebsd.org
>> Newsgruppen: gmane.os.freebsd.isp
>> After upgrading FreeBSD from 6.3-p3 to 6.3-p5 on our server, all
>> websites just display a blank page and every HTTP request created a line
>> as follows in the logs:
>> child pid 80326 exit signal Segmentation fault (11)
>> This same problem happened on another server a few months ago after the
>> upgrade from 6.3-p3 to 6.3-p4, but after a rebuild of all FreeBSD ports
>> all went back to normal. However several rebuilds of all ports did not
>> solve the problem on this one.
>> To narrow down the problem: After disabling the PHP module in Apache the
>> problem disappears.
>> Re-enabling PHP, but disabling the Suhosin extension also works fine.
>> The trick found in this forum, to load the Suhosin extension before all
>> other PHP extensions in /usr/local/etc/php/extensions.ini does not help.
>> In fact not loading any extension at all except Suhosin creates the
>> segfault errors.
> Suhosin is not an extension you load in extensions.ini; it's a patch
> applied to the core of PHP.
Suhosin is *both*. A patch for php and a extension module for PHP.
Suhosin comes in two independent parts, that can be used separately or
in combination. The first part is a small patch against the PHP core,
that implements a few low-level protections against bufferoverflows or
format string vulnerabilities and the second part is a powerful PHP
extension that implements all the other protections.
The suhosin patch works fine on our servers. But the extension does not.
> The extension ordering problem, however, has been thoroughly discussed
> on -ports in the past. It happens to some and not others. There is no
> guaranteed way to determine what works and what doesn't. You have to
> literally enable line-by-line until you figure out which one is causing
> the problem.
I tried enabling and disabling extensions. All of them work, as long as
suhosin.so is not loaded. Regardless of the order.
If I disable all other extensions and load only suhosin.so in
/usr/local/etc/php/extensions.ini the apache processes are still crashing.
> You can also try building lang/php5 with DEBUG enabled and then when PHP
> segfaults, run gdb on the coredump and see if you can get a coherent
> backtrace (sometimes difficult with Apache in the way) to see what sort
> of functions are causing the crash; often each extension has its own
> function names, so that might give you some clues.
Hard for me, as this disrupts customer services. We are running without
the extensions for now.
>> PHP (cli) seems to run fine at all times when called from the command-line.
> Now that's very interesting, given as the CLI version also loads all the
> extensions listed in extensions.ini.
> Can you post your /usr/local/etc/php/extensions.ini? You didn't list
> off what extensions you have installed.
More information about the freebsd-questions