Apache Signal 11

Pekka Savola pekkas at netcore.fi
Tue Mar 29 09:53:41 PST 2005


FWIW,

It may be that our issue was this:

http://www.freebsd.org/cgi/query-pr.cgi?pr=78776

What I have since then tried:
  - setting up irqs as sources for /dev/random pool, (in my case 
vmstat -i shows a lot of activity at 2, 10, 0 and 8, and I used the 
first two with rndcontrol and then in rc.conf w/ rand_irqs=)
  - installing prngd, and using it for SSL seeding
  - replacing SSLRandomSeed with different values (egd, builtin, 
urandom)

At first. just commenting out the openssl php module didn't work, but 
now that I have more activity in /dev/random due to using irqs, 
removing openssl php module was apparently a sufficient short-term fix 
for my problem at least.. and it works now.

However, I have no idea why it had suddenly ceased working; if I'd 
have to guess, this might have had something to with php4's openssl 
revision 1.84 at ports/lang/php4/Makefile (a compilation option to 
build openssl statically).

HTH..

On Sun, 20 Mar 2005, Pekka Savola wrote:
> I've started to experience the same thing which Kyle Mott and "Vlad" reported 
> with apache+mod_ssl crashing when SSL is enabled:
>
> #0  0x2840b63c in engine_table_select () from /usr/lib/libcrypto.so.3
> #1  0x283ebc88 in ENGINE_get_default_RAND () from /usr/lib/libcrypto.so.3
> #2  0x283eaf6e in RAND_get_rand_method () from /usr/lib/libcrypto.so.3
> #3  0x283eb07c in RAND_seed () from /usr/lib/libcrypto.so.3
> #4  0x2830be47 in ssl_rand_seed () from /usr/local/libexec/apache/libssl.so
> #5  0x28307dac in ssl_init_Module () from /usr/local/libexec/apache/libssl.so
> #6  0x8055714 in ap_init_modules ()
> #7  0x805d8fe in standalone_main ()
> #8  0x805e08b in main ()
> #9  0x804fcde in _start ()
>
> A few salient points:
> - running FreeBSD-4.11 stable, and the latest apache+mod_ssl port w/ PHP
> - the crash occurs before httpd creates the child processes
> - disabling PHP does not work; disabling SSL works around this
>   problem (but is not an acceptable solution, of course :)
> - I don't have any cryptocards, nor have I made any significant
>   changes to the system since this started happening.  The system
>   uptime was around 40 days, so the process has at least started fine
>   40 days ago.
> - rebuilding world and apache+mod_ssl does not help
> - /dev/{u,}random seem to be fine
> - my /tmp is mounted nodev,noexec,nosuid but this has worked with it
>   in the past, so should not be an issue.
>
>

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


More information about the freebsd-stable mailing list