Hi Walter,

Anything new with this? I have a similar hat mismatch, but I've never been
able to reproduce it. Did you manage to get strace output?

Thanks!

-Kees

On Thu, Apr 23, 2015 at 09:25:04AM +0200, Walter Hop wrote:
> On 23 Apr 2015, at 01:46, Steve Beattie <st...@nxnw.org> wrote:
> > 
> > I also am unable to see this script, as a mod_security firewall(?) seems
> > to block it.
> 
> 
> Oops sorry. That ModSecurity rule against PHP source leakage… It’s nothing 
> special, just replays the GET requests to the server, without even reading 
> from the socket. I’ll paste it here.
> 
> I’ll try to get syscall traces this week. I’m pretty sure the problem will 
> appear when having only 1 Apache child, so it should be easy to do. Thanks to 
> both for listening! :)
> 
> <?php
> 
> function replay(array $requests, $slowdownfactor, $host, $port = 80)
> {
>     $fp = fsockopen($host, $port);
> 
>     foreach ($requests as $request) {
>         list($sleep, $get) = $request;
> 
>         $usleep = round($sleep * $slowdownfactor);
>         echo "Sleeping $usleep usec... ";
> 
>         usleep($usleep);
> 
>         $uri = substr($get, 4, strpos($get, " HTTP/1.1") - 4);
>         echo "Getting $uri\n";
> 
>         if (!fwrite($fp, $get)) {
>             exit("Yay! Connection was broken!\n");
>         }
>     }
>     fclose($fp);
> }
> 
> $inputfile = 'requests.json';
> $host = 'ubuntutest';
> $slowdownfactor = 400000; # must be between 150000 - 800000 for a 100% successful reproduce
> 
> $requests = json_decode(file_get_contents($inputfile));
> replay($requests, $slowdownfactor, $host);
> 
> -- 
> Walter Hop | PGP key: https://lifeforms.nl/pgp
> 

> -- 
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/apparmor

-- 
Kees Cook
