Bug 1305843

Summary: Apache HTTPD core-dumps with mod_security enabled
Product: Red Hat Enterprise Linux 7
Reporter: Gerd <gerd+redhat>
Component: mod_security
Assignee: Marek Tamaskovic <mtamasko>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: high
Priority: unspecified
Version: 7.2
CC: arm-mgr, gerd+redhat, jcm, jfeeney, mfrodl, tech
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: x86_64
OS: Linux
Last Closed: 2017-08-30 11:58:08 UTC
Type: Bug
Attachments:
- Core dump logged by Apache (flags: none)
- HTTP trace of core-dump (flags: none)

Description Gerd 2016-02-09 11:34:28 UTC
Created attachment 1122388
Core dump logged by Apache

Description of problem:
With mod_security enabled, Apache HTTP core-dumps with error [core:notice] [pid 14657] AH00051: child pid 14658 exit signal Segmentation fault (11), possible coredump in /data/pickup

This only happens when accessing images within a PHP application. Regular content (CSS / JS) seems to be fine.

Version-Release number of selected component (if applicable):
- CentOS Linux release 7.2.1511 (Core) 
- Linux 3.10.0-327.4.5.el7.x86_64 #1 SMP Mon Jan 25 22:07:14 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
- Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations


How reproducible:
Enable mod_security as the module and then do a wget of an image.

Steps to Reproduce:
1.
2.
3.

Actual results:
Core dump - see attached files

Expected results:


Additional info:

Comment 2 Gerd 2016-02-09 11:47:13 UTC
The only two work-arounds are to either disable the loading of mod_security or have the following rule to bypass it for images:

  # Temporary fix - we switch off images as Apache crashes serving images
  SecRule REQUEST_URI "@beginsWith /frontend/assets/files/" id:02001,phase:1,nolog,allow,ctl:ruleEngine=Off
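
A narrower form of the bypass rule in comment 2, as an added example that is not part of the original comment or of the mod_security package: it turns the engine off only for GET/HEAD requests whose path is an image file under the same directory, so the rest of that prefix stays inspected. The method list, the extension list and the allowed filename characters are assumptions, and whether this variant still avoids the crash was not tested in this report.

```apache
# Added example, not from the bug report. Path and rule id are the ones used
# in comment 2; this rule is meant to replace that one, not to sit beside it.
# Assumed: files under this path are images fetched with GET or HEAD, and
# directory and file names use only letters, digits, "_" and "-".

# Chain starter: carries id, phase and the (non-blocking) disruptive action.
SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
    "id:02001,phase:1,pass,nolog,t:none,chain"
    # REQUEST_FILENAME is the request path without the query string.
    # Path segments may not contain dots, so "../" sequences and paths of the
    # form "script.php/x.png" do not match and remain subject to the rules.
    # ctl is non-disruptive and runs when the rule it is attached to matches,
    # so it sits on the last rule of the chain, not on the starter.
    SecRule REQUEST_FILENAME \
        "@rx ^/frontend/assets/files/(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_-]+\.(?:png|jpe?g|gif)$" \
        "t:none,ctl:ruleEngine=Off"
```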

Comment 3 Gerd 2016-02-11 06:42:55 UTC
For completeness - version information:
[Wed Feb 10 07:53:55.176771 2016] [mpm_prefork:notice] [pid 48108] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 10 07:53:55.176841 2016] [core:notice] [pid 48108] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 10 07:59:25.733760 2016] [mpm_prefork:notice] [pid 48108] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 10 07:59:29.185432 2016] [:notice] [pid 48299] ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/) configured.
[Wed Feb 10 07:59:29.185556 2016] [:notice] [pid 48299] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
[Wed Feb 10 07:59:29.185564 2016] [:notice] [pid 48299] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Wed Feb 10 07:59:29.185567 2016] [:notice] [pid 48299] ModSecurity: LUA compiled version="Lua 5.1"
[Wed Feb 10 07:59:29.185569 2016] [:notice] [pid 48299] ModSecurity: LIBXML compiled version="2.9.1"

Comment 5 Jon Masters 2016-04-12 16:33:42 UTC
I've not seen this. Would it be possible to get a full backtrace of the crash? To do this, run the httpd directly:

1). Stop HTTPD (Apache).
2). Start under strace:
    # strace -fFvxxx -o httpd.txt /usr/sbin/httpd -D FOREGROUND
3). Reproduce the crash and send the httpd.txt file

Comment 7 Gerd 2016-04-13 07:46:50 UTC
Created attachment 1146731
HTTP trace of core-dump

@Jon - I have just added a trace - the dumps logged in error.log were:

[Wed Apr 13 09:44:10.665513 2016] [core:notice] [pid 32798] AH00052: child pid 32799 exit signal Segmentation fault (11)
[Wed Apr 13 09:44:10.665817 2016] [core:notice] [pid 32798] AH00052: child pid 32800 exit signal Segmentation fault (11)
[Wed Apr 13 09:44:10.665904 2016] [core:notice] [pid 32798] AH00052: child pid 32801 exit signal Segmentation fault (11)
[Wed Apr 13 09:45:48.775185 2016] [core:notice] [pid 32798] AH00052: child pid 32803 exit signal Segmentation fault (11)

Comment 8 John Feeney 2016-04-21 16:57:47 UTC
What arch does this fail on? The Hardware field says AArch64 but the comment has a reference to "Linux 3.10.0-327.4.5.el7.x86_64 #1 SMP Mon Jan 25 22:07:14 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux". If it fails on both, that would improve the significance of this bz but it is not very clear where it fails.

Comment 9 Gerd 2016-04-21 17:08:33 UTC
It fails on CentOS Linux release 7.2.1511 (Core)

Linux 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Comment 10 John Feeney 2016-04-21 23:16:58 UTC
Okay, thanks.

So there is no AArch64 element here, right? I will modify the Hardware field to reflect this.

Comment 11 Gerd 2016-04-22 03:43:29 UTC
(In reply to John Feeney from comment #10)
> Okay, thanks.
> 
> So there is no AArch64 element here, right? I will modify the Hardware field
> to reflect this.

Yes, this is correct. I changed it to x86_64.

Comment 12 Marek Tamaskovic 2017-08-30 11:46:26 UTC
I am trying to reproduce that error. I have already installed all the packages you wrote about and tried downloading an image from the server without a PHP application, and everything works. Can you specify which PHP application you are using, or give any more details?

Comment 13 Tech Suport @bidorbuy 2017-08-30 11:53:38 UTC
(In reply to Marek Tamaskovic from comment #12)
> I am trying to reproduce that error. I have already installed all the
> packages you wrote about and tried downloading an image from the server
> without a PHP application, and everything works. Can you specify which PHP
> application you are using, or give any more details?

Hi there,

I am sorry to say that we are not running this stack any more and moved on from Apache to NGINX because of the issue - this was already done last year.

I gave up monitoring this bug from May 2016 and I am a bit surprised that it took almost 14 months for someone to review the bug-submission.

I think you need to close the bug as it will be impossible for me to set up an environment replicating it.