[Fwd: Suhosin Segmentation Fault]
Alain Wolf
wolf at k18.ch
Wed Oct 15 13:01:33 PDT 2008
On 15.10.2008 20:55, Jeremy Chadwick wrote:
> On Wed, Oct 15, 2008 at 07:25:08PM +0200, Alain Wolf wrote:
>> Not much return on freebsd-isp.
>> I try again here on freebsd-questions.
>>
>> -------- Original-Nachricht --------
>> Betreff: Suhosin Segmentation Fault
>> Datum: Mon, 13 Oct 2008 09:49:09 +0200
>> Von: Alain Wolf <wolf at k18.ch>
>> An: freebsd-isp at freebsd.org
>> Newsgruppen: gmane.os.freebsd.isp
>>
>> After upgrading FreeBSD from 6.3-p3 to 6.3-p5 on our server, all
>> websites just display a blank page and every HTTP request created a line
>> as follows in the logs:
>>
>> child pid 80326 exit signal Segmentation fault (11)
>>
>> This same problem happened on another server a few months ago after the
>> upgrade from 6.3-p3 to 6.3-p4, but after a rebuild of all FreeBSD ports
>> all went back to normal. However several rebuilds of all ports did not
>> solve the problem on this one.
>>
>> To narrow down the problem: After disabling the PHP module in Apache the
>> problem disappears.
>>
>> Re-enabling PHP, but disabling the Suhosin extension also works fine.
>>
>> The trick found in this forum, to load the Suhosin extension before all
>> other PHP extensions in /usr/local/etc/php/extensions.ini does not help.
>> In fact not loading any extension at all except Suhosin creates the
>> segfault errors.
>
> Suhosin is not an extension you load in extensions.ini; it's a patch
> applied to the core of PHP.
Suhosin is *both*. A patch for php and a extension module for PHP.
>From http://www.hardened-php.net/suhosin/index.html:
Suhosin comes in two independent parts, that can be used separately or
in combination. The first part is a small patch against the PHP core,
that implements a few low-level protections against bufferoverflows or
format string vulnerabilities and the second part is a powerful PHP
extension that implements all the other protections.
The suhosin patch works fine on our servers. But the extension does not.
>
> The extension ordering problem, however, has been thoroughly discussed
> on -ports in the past. It happens to some and not others. There is no
> guaranteed way to determine what works and what doesn't. You have to
> literally enable line-by-line until you figure out which one is causing
> the problem.
I tried enabling and disabling extensions. All of them work, as long as
suhosin.so is not loaded. Regardless of the order.
If I disable all other extensions and load only suhosin.so in
/usr/local/etc/php/extensions.ini the apache processes are still crashing.
>
> You can also try building lang/php5 with DEBUG enabled and then when PHP
> segfaults, run gdb on the coredump and see if you can get a coherent
> backtrace (sometimes difficult with Apache in the way) to see what sort
> of functions are causing the crash; often each extension has its own
> function names, so that might give you some clues.
Hard for me, as this disrupts customer services. We are running without
the extensions for now.
>
>> PHP (cli) seems to run fine at all times when called from the command-line.
>
> Now that's very interesting, given as the CLI version also loads all the
> extensions listed in extensions.ini.
>
> Can you post your /usr/local/etc/php/extensions.ini? You didn't list
> off what extensions you have installed.
>
cat /usr/local/etc/php/extensions.ini
extension=gd.so
extension=ctype.so
extension=pcre.so
extension=session.so
extension=bz2.so
extension=openssl.so
extension=zlib.so
extension=mbstring.so
extension=mysql.so
extension=pdf.so
extension=mcrypt.so
extension=simplexml.so
extension=spl.so
extension=mysqli.so
extension=xml.so
extension=iconv.so
extension=hash.so
extension=tokenizer.so
extension=calendar.so
extension=ftp.so
extension=xmlrpc.so
extension=xmlwriter.so
extension=zip.so
extension=filter.so
;extension=suhosin.so
extension=wddx.so
extension=mhash.so
extension=json.so
extension=dom.so
extension=xmlreader.so
extension=exif.so
extension=ncurses.so
extension=gettext.so
extension=ldap.so
extension=pdo.so
extension=soap.so
extension=tidy.so
extension=pdo_sqlite.so
extension=apc.so
extension=readline.so
extension=xsl.so
extension=curl.so
More information about the freebsd-questions
mailing list