iamfourninjas (iamfourninjas) wrote in apache,
iamfourninjas
iamfourninjas
apache

Apache2 in chroot jail, sigfaulting child process

I upgraded apache from 2.0.52 to 2.0.53 in my chroot jail, on linux.

it took forever to start, and then segfaulted the child processes whenever I hit the server.

I eventually tracked the startup delay to an insufficient quantity of entropy for /dev/random. I gave it a lot more entropy and it still blocked occasionaly, so I moved to /dev/urandom.

I moved ldd and strace into the jail to double check things. I do not appear to be missing any libraries.
I ran strace. I ran it with a bunch of different flags, I end up with child process straces that look just fine, a couple errors that are expected due to the jail, then, BAM, SIGSEGV, with no warning or explaination.

It doesn't segfault if I remove -D PHP5 and -D SSL... but again, I don't seem to be missing any libraries.


child process stack trace:

getpid() = 16013
rt_sigaction(SIGHUP, {0xb7ca7dc0, [], SA_INTERRUPT}, {0xb7ca7dc0, [HUP USR1], 0}, 8) = 0
rt_sigaction(SIGTERM, {0xb7ca7dc0, [], SA_INTERRUPT}, {0xb7ca7dc0, [], 0}, 8) = 0
rt_sigaction(SIGUSR1, {SIG_IGN}, {0xb7ca7dc0, [HUP USR1], 0}, 8) = 0
getpid() = 16013
getpid() = 16013
geteuid32() = 0
setgid32(81) = 0
open("/proc/sys/kernel/ngroups_max", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/group", O_RDONLY) = 13
fcntl64(13, F_GETFD) = 0
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
fstat64(13, {st_mode=S_IFREG|0644, st_size=13, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fea000
_llseek(13, 0, [0], SEEK_CUR) = 0
read(13, "apache:x:81:\n", 4096) = 13
read(13, "", 4096) = 0
close(13) = 0
munmap(0xb7fea000, 4096) = 0
setgroups32(1, [81]) = 0
geteuid32() = 0
setuid32(81) = 0
getpid() = 16013
gettimeofday({1110440023, 141397}, NULL) = 0
getpid() = 16013
brk(0x82f8000) = 0x82f8000
getpid() = 16013
time(NULL) = 1110440023
gettimeofday({1110440023, 142945}, NULL) = 0
gettimeofday({1110440023, 143359}, NULL) = 0
semop(3014687, 0xb7d866ec, 1) = 0
poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}], 2, -1) = 1
accept(3, {sa_family=AF_INET, sin_port=htons(1467), sin_addr=inet_addr("xx.xx.xx.xx")}, [16]) = 13
semop(3014687, 0xb7d866f2, 1) = 0
gettimeofday({1110440031, 271384}, NULL) = 0
getsockname(13, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("xx.xx.xx.xx")}, [16]) = 0
time(NULL) = 1110440031
gettimeofday({1110440031, 272605}, NULL) = 0
fcntl64(13, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(13, F_SETFL, O_RDWR|O_NONBLOCK) = 0
time(NULL) = 1110440031
read(13, 0x82f49d8, 8000) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=13, events=POLLIN, revents=POLLIN}], 1, 300000) = 1
read(13, "\200g\1\3\0\0N\0\0\0\20\1\0\200\3\0\200\7\0\300\6\0@\2"..., 8000) = 105
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
chdir("/usr/lib/apache2") = 0
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
getpid() = 16013
getpid() = 16013
kill(16013, SIGSEGV) = 0
sigreturn() = ? (mask now [RTMIN])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---


Maybe I'm missing something?
Subscribe
  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 3 comments