Re: child pid exit signal Segmentation fault (11)
On Thu, Mar 18, 1999, Anton Voronin wrote: > the line in the subject appears in my apache-modssl logs after almost every > access to the server. Have anyone experienced the same problem? Sorry, but you've to at least give us the Apache, mod_ssl and SSLeay/OpenSSL version number. Because older versions are known to segfault under certain conditions, of course. But with the latest it shouldn't. When it's the latest, then please try to create a stackframe backtrace after the segfault with a debugger (look inside the mod_ssl FAQ for details about this). Without this we cannot locate the segfault. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: child pid exit signal Segmentation fault (11)
"Ralf S. Engelschall" wrote: > On Thu, Mar 18, 1999, Anton Voronin wrote: > > > the line in the subject appears in my apache-modssl logs after almost every > > access to the server. Have anyone experienced the same problem? > > Sorry, but you've to at least give us the Apache, mod_ssl and SSLeay/OpenSSL > version number. Because older versions are known to segfault under certain > conditions, of course. But with the latest it shouldn't. When it's the > latest, then please try to create a stackframe backtrace after the segfault > with a debugger (look inside the mod_ssl FAQ for details about this). Without > this we cannot locate the segfault. Apache-1.3.4+mod_ssl-2.2.5+openssl-0.9.1c (but the same happened with 2.2.4) compiled and installed from FreeBSD port FreeBSD-3.1-STABLE Unfortunately I wasn't able to make apache to create core image. Your FAQ mentions the following: Most "current" kernels do not allow a process to dump core after it has done a setuid() (unless it does an exec()) for security reasons... Probably this is the case, so I've recompiled apache with -DBIG_SECURITY_HOLE and run it as root, but it doesn't produce a core anyway. If I kill -SEGV it's parent process then it does, but if any of child processes produce Segmentation Fault or even if I run httpd -DSSL -X (to make it not to fork), core is not dumped. Strange... Maybe it does setuid() to itself anyway? Anton -- Anton Voronin| Ural Regional Center of FREEnet, [EMAIL PROTECTED] | Southern Ural University, Chelyabinsk, Russia http://www.urc.ac.ru/~anton | Programmer & System Administrator __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: child pid exit signal Segmentation fault (11)
Anton Voronin wrote: > "Ralf S. Engelschall" wrote: > > > On Thu, Mar 18, 1999, Anton Voronin wrote: > > > > > the line in the subject appears in my apache-modssl logs after almost every > > > access to the server. Have anyone experienced the same problem? > > > > Sorry, but you've to at least give us the Apache, mod_ssl and SSLeay/OpenSSL > > version number. Because older versions are known to segfault under certain > > conditions, of course. But with the latest it shouldn't. When it's the > > latest, then please try to create a stackframe backtrace after the segfault > > with a debugger (look inside the mod_ssl FAQ for details about this). Without > > this we cannot locate the segfault. > > Apache-1.3.4+mod_ssl-2.2.5+openssl-0.9.1c (but the same happened with 2.2.4) > compiled and installed from FreeBSD port > FreeBSD-3.1-STABLE > > Unfortunately I wasn't able to make apache to create core image. Your FAQ > mentions the following: > > Most "current" kernels do not allow a process to dump core > after it has done a setuid() (unless it does an exec()) for > security reasons... > > Probably this is the case, so I've recompiled apache with > -DBIG_SECURITY_HOLE and run it as root, but it doesn't > produce a core anyway. If I kill -SEGV it's parent process then it does, > but if any of child processes produce Segmentation Fault or even if I run > httpd -DSSL -X (to make it not to fork), core is not dumped. Strange... > > Maybe it does setuid() to itself anyway? > > Anton Seemes like I found the clue: when mod_put is also loaded, then child exits on SIGSEGV after each connection; if it's not then everithing goes fine. Thank you for paying attention to me. -- Anton Voronin| Ural Regional Center of FREEnet, [EMAIL PROTECTED] | Southern Ural University, Chelyabinsk, Russia http://www.urc.ac.ru/~anton | Programmer & System Administrator __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Child pid exit signal Segmentation fault (11)
On Fri, May 21, 1999, Shane Wilson wrote: > To make a long story short, had a crash on one of my webservers and had > to rebuild the machine. It was using apache_1.3.4+mod_ssl-2.2(?, sorry > don't remeber)+openssl-0.9.2b+php-3.0.7 on Linux 2.0.33. This was the > machine that my key and crt request were created on and mod_ssl with the > server.crt had run for months on without problem. I had backups of all > the date but still had to recreate the machine. > > The new machine is the following and also uses the original server.crt > and server.key files > > apache_1.3.6+mod_ssl-2.2.6+openssl-0.9.2b+php-3.0.7 on Linux 2.0.35. > > When I startup the server I can do a few https transactions, but every > time I click a link three of these appear in the log file. > > Child pid exit signal Segmentation fault (11) > > At this point I shutdown the server, when I restart it http works but > https returns a "server returned bad data error." > > The compiles had no error, I've also tried to compile several older > version combinations. Include one with SSLeay, but I always get the > same results. Is this SuSE Linux where such problems occured because of the vendor NDBM library? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Child pid exit signal Segmentation fault (11)
"Ralf S. Engelschall" wrote: > [...] > > Is this SuSE Linux where such problems occured because of > the vendor NDBM library? This is also a problem on RedHat 6.0. Here's the longterm fix I used... ## notice this is a cp and *not* a mv!! cp /usr/include/db1/ndbm.h /usr/include/ndbm.h and apply the following patch: ### start patch ### --- /usr/include/ndbm.h Fri Apr 16 18:48:25 1999 +++ /usr/include/ndbm.h Thu May 20 17:13:41 1999 @@ -39,7 +39,7 @@ #ifndef _NDBM_H #define_NDBM_H 1 -#include +#include /* Map dbm interface onto db(3). */ #define DBM_RDONLY O_RDONLY @@ -77,3 +77,11 @@ __END_DECLS #endif /* ndbm.h */ + + + + + + + + ### end patch ### At that point, everything and anything requiring the 'normal' placement of ndbm.h still finds the correct db.h (there are two on glibc2.1 .. one in /usr/include and another in /usr/include/db1 .. they are *not* the same file. Happy patching .. and I'll probably whip up a quickie tool to automate this (if you'd like, Ralf, I can send it to you for inclusion as need) -- Regards, Dave P: [EMAIL PROTECTED] W: [EMAIL PROTECTED] Ubergeek - AnglersWeb, Inc / W3Works, LLC Data Monger - Gestalt Technology, LLC "Why is the machine faster?" "We lubricated the sticky bits, it's much smoother now." __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Child pid exit signal Segmentation fault (11)
>To make a long story short, had a crash on one of my webservers and had >to rebuild the machine. It was using apache_1.3.4+mod_ssl-2.2(?, sorry >don't remeber)+openssl-0.9.2b+php-3.0.7 on Linux 2.0.33. This was the >machine that my key and crt request were created on and mod_ssl with the >server.crt had run for months on without problem. I had backups of all >the date but still had to recreate the machine. > >The new machine is the following and also uses the original server.crt >and server.key files > >apache_1.3.6+mod_ssl-2.2.6+openssl-0.9.2b+php-3.0.7 on Linux 2.0.35. > > >When I startup the server I can do a few https transactions, but every >time I click a link three of these appear in the log file. > >Child pid exit signal Segmentation fault (11) > >At this point I shutdown the server, when I restart it http works but >https returns a "server returned bad data error." > >The compiles had no error, I've also tried to compile several older >version combinations. Include one with SSLeay, but I always get the >same results. > >Thank you for your time. > >Shane Wilson >Centre College I get the same symptoms with a Slackware 3.6 setup (sorry for the "me too" post, but I'm not using any other modules like php so there's one tiny tidbit of new info): --- Apache 1.3.6 + mod_ssl-2.2.7 (tried older versions too) + openssl-0.9.2b + Linux 2.0.35 From error_log right after apachectl startssl: [Fri May 21 21:17:17 1999] [notice] Apache/1.3.6 (Unix) mod_ssl/2.2.7 OpenSSL/0.9.2b configured -- resuming normal operations [Fri May 21 21:17:21 1999] [notice] child pid 2236 exit signal Segmentation fault (11) [Fri May 21 21:17:25 1999] [notice] child pid 2237 exit signal Segmentation fault (11) [Fri May 21 21:17:33 1999] [notice] child pid 2239 exit signal Segmentation fault (11) --- Apache 1.3.6 + mod_ssl-2.2.8-1.3.6 + openssl-0.9.2b (and with or w/o rsaref, and with or without mm) + Linux 2.0.35. From error_log right after apachectl startssl: [Fri May 21 21:20:26 1999] [notice] Apache/1.3.6 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.2b configured -- resuming normal operations [Fri May 21 21:20:33 1999] [notice] child pid 2354 exit signal Segmentation fault (11) --- I have tried with the default "snake oil" server cert/key created during the build, and also with a real Thawte cert. From the browser point of view (either Mac or WindowsNT versions of IE or Netscape), I can get to any http page no problem. But if I use https, then the index page will show with broken graphics (cant load the graphics), and I cannot get to anything in sub-directories without getting various "Security Error. Data Decryption error" or "bad data error" messages. I checked to see if Dave Paris' recent posting regarding ndbm.h applied to Slackware but it does not seem to apply here for Slackware release. Any ideas of things to try, or steps to debug this further to isolate the problem? -Rei __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Child pid exit signal Segmentation fault (11)
At 2:49 PM -0400 5/21/99, Shane Wilson wrote: >apache_1.3.6+mod_ssl-2.2.6+openssl-0.9.2b+php-3.0.7 on Linux 2.0.35. > >When I startup the server I can do a few https transactions, but every >time I click a link three of these appear in the log file. > >Child pid exit signal Segmentation fault (11) > >At this point I shutdown the server, when I restart it http works but >https returns a "server returned bad data error." FYI- Just tried building with the latest SNAPs of openssl and modssl along with apache1.3.6: mod_ssl-SNAP-19990521 openssl-SNAP-19990522-0330 This is on a Slackware 3.6 system with Linux 2.0.35. I deleted all old versions of things like mod_ssl, openssl, SSLeay and /usr/local/ssl. Then downloaded fresh tarballs and rebuilt following the standard 15-minute install at http://www.modssl.org/example/. There are no compiler errors. I am still getting the "child pid N exit signal Segmentation fault (11)" in the error_log. And from the browser, the graphics are shown as broken links. Trying to reload from the browser produces error messages at the browser. See below for tails of apache logs (some of it is xxx-ed out): # tail * ==> access_log <== xxx.xxx.xxx.xxx - - [21/May/1999:22:44:46 -0700] "GET / HTTP/1.1" 200 2493 ==> error_log <== [Fri May 21 22:44:42 1999] [notice] Apache/1.3.6 (Unix) mod_ssl/2.3.0 OpenSSL/0.9.3beta2-dev configured -- resuming normal operations [Fri May 21 22:45:06 1999] [notice] child pid 23030 exit signal Segmentation fault (11) [Fri May 21 22:45:13 1999] [notice] caught SIGTERM, shutting down ==> ssl_engine_log <== [21/May/1999 22:44:37] [info] Init: Seeding PRNG with 8 bytes of entropy [21/May/1999 22:44:37] [info] Init: Generating temporary RSA private keys (512/1024 bits) [21/May/1999 22:44:42] [info] Init: Configuring temporary DH parameters (512/1024 bits) [21/May/1999 22:44:42] [info] Init: Initializing (virtual) servers for SSL [21/May/1999 22:44:42] [info] Init: Configuring server xxx.xxx.com:443 for SSL protocol [21/May/1999 22:44:45] [info] Connection to child 0 established (server xxx.xxx.com:443) [21/May/1999 22:44:46] [info] Connection: Client IP: 207.155.77.130, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [21/May/1999 22:44:46] [info] Initial (No.1) HTTPS request received for child 0 (server xxx.xxx.com:443) [21/May/1999 22:44:46] [info] Connection to child 0 closed with unclean shutdown (server xxx.xxx.com:443) [21/May/1999 22:45:06] [info] Connection to child 1 established (server xxx.xxx.com:443) ==> ssl_request_log <== [21/May/1999:22:44:46 -0700] xxx.xxx.xxx.xxx SSLv3 RC4-MD5 "GET / HTTP/1.1" 2493 Hoping someone on the list will have some suggestions of other things to try... wondering if this is specific to Linux 2.0.35? -Rei __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Child pid exit signal Segmentation fault (11)
Rei, I believe the Slackware 3.6 dist has a buggy DBM library. I tried compiling the same thing on another box and I get the same thing. Try using this setting: SSLSessionCache None This seems to help. Or you can try recompiling Apache_SSL using the internal DBM library by setting this option during the 'configure' of mod_ssl: --enable-rule=SSL_SDBM Z On Fri, 21 May 1999, Rei Yoshioka wrote: > >To make a long story short, had a crash on one of my webservers and had > >to rebuild the machine. It was using apache_1.3.4+mod_ssl-2.2(?, sorry > >don't remeber)+openssl-0.9.2b+php-3.0.7 on Linux 2.0.33. This was the > >machine that my key and crt request were created on and mod_ssl with the > >server.crt had run for months on without problem. I had backups of all > >the date but still had to recreate the machine. > > > >The new machine is the following and also uses the original server.crt > >and server.key files > > > >apache_1.3.6+mod_ssl-2.2.6+openssl-0.9.2b+php-3.0.7 on Linux 2.0.35. > > > > > >When I startup the server I can do a few https transactions, but every > >time I click a link three of these appear in the log file. > > > >Child pid exit signal Segmentation fault (11) > > > >At this point I shutdown the server, when I restart it http works but > >https returns a "server returned bad data error." > > > >The compiles had no error, I've also tried to compile several older > >version combinations. Include one with SSLeay, but I always get the > >same results. > > > >Thank you for your time. > > > >Shane Wilson > >Centre College > > I get the same symptoms with a Slackware 3.6 setup (sorry for the "me > too" post, but I'm not using any other modules like php so there's > one tiny tidbit of new info): > > --- > > Apache 1.3.6 + mod_ssl-2.2.7 (tried older versions too) + > openssl-0.9.2b + Linux 2.0.35 > > From error_log right after apachectl startssl: > > [Fri May 21 21:17:17 1999] [notice] Apache/1.3.6 (Unix) mod_ssl/2.2.7 > OpenSSL/0.9.2b configured -- resuming normal operations > [Fri May 21 21:17:21 1999] [notice] child pid 2236 exit signal > Segmentation fault (11) > [Fri May 21 21:17:25 1999] [notice] child pid 2237 exit signal > Segmentation fault (11) > [Fri May 21 21:17:33 1999] [notice] child pid 2239 exit signal > Segmentation fault (11) > > --- > > Apache 1.3.6 + mod_ssl-2.2.8-1.3.6 + openssl-0.9.2b (and with or w/o > rsaref, and with or without mm) + Linux 2.0.35. > > From error_log right after apachectl startssl: > > [Fri May 21 21:20:26 1999] [notice] Apache/1.3.6 (Unix) mod_ssl/2.2.8 > OpenSSL/0.9.2b configured -- resuming normal operations > [Fri May 21 21:20:33 1999] [notice] child pid 2354 exit signal > Segmentation fault (11) > > --- > > I have tried with the default "snake oil" server cert/key created > during the build, and also with a real Thawte cert. > > From the browser point of view (either Mac or WindowsNT versions of > IE or Netscape), I can get to any http page no problem. But if I use > https, then the index page will show with broken graphics (cant load > the graphics), and I cannot get to anything in sub-directories > without getting various "Security Error. Data Decryption error" or > "bad data error" messages. > > I checked to see if Dave Paris' recent posting regarding ndbm.h > applied to Slackware but it does not seem to apply here for Slackware > release. > > Any ideas of things to try, or steps to debug this further to isolate > the problem? > > -Rei > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > -- Zivago 'Jaeman' Lee [EMAIL PROTECTED] -- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Child pid exit signal Segmentation fault (11) - FIXED
> >Hoping someone on the list will have some suggestions of other >things to try... wondering if this is specific to Linux 2.0.35? > Seems this is a problem with the DBM which comes with Slackware 3.6. From many moons ago: At 3:01 PM +0200 4/6/99, [EMAIL PROTECTED] wrote: >On Mon, Apr 05, 1999, [EMAIL PROTECTED] wrote: > > > Full_Name: Cliff Woolley > > Version: 2.2.4-2.2.7 at least > > OS: linux 2.2.5 slackware 3.6 > > Submission from: apocalypse.uc.wlu.edu (137.113.241.101) > > > > I had the strangest problem when first configuring Apache+mod_ssl from a > > fresh distribution copy of Apache -- only some of the images on a >page would > > load. Turns out that the session cache which I had configured to use DBM's > > wasn't working and that was why some of the sub-requests would work and > > others wouldn't.. it all depended on what child they connected to. there > > would be no error message logged by the server; just a complaint by the > > browser that the connection had been refused. finally I figured >out that if > > I just set this back to 'none' (the default), the whole thing works > > magically. this seems as if it could be a weird quirk of the dbm > > implementation under slackware 3.6 or something like that. > >Yeah, it was already discovered a few months ago by mod_ssl users that the >(N)DBM library under Slackware 3.6 is horribly broken. Use APACI option >--enable-rule=SSL_SDBM there, please. > > Ralf S. Engelschall > [EMAIL PROTECTED] > www.engelschall.com I tried setting "SSLSessionCache none" but that did not seem to do the trick. So I rebuilt everything again from fresh tarballs but used "--enable-rule=SSL_SDBM" when configuring modssl, and now things seem to be working! Thanks a lot to Zivago who wrote directly: At 11:51 PM -0700 5/21/99, Zivago 'Jaeman' Lee wrote: >Rei, > >I believe the Slackware 3.6 dist has a buggy DBM library. I tried >compiling the same thing on another box and I get the same thing. Try >using this setting: > >SSLSessionCache None > >This seems to help. Or you can try recompiling Apache_SSL using the >internal DBM library by setting this option during the 'configure' of >mod_ssl: > >--enable-rule=SSL_SDBM > >Z Thanks everyone! Now, are there any drawbacks to using the SDBM option instead of NDBM? -Rei __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Child pid exit signal Segmentation fault (11) - FIXED
On Sat, May 22, 1999 at 02:40:39AM -0700, Rei Yoshioka wrote: > > > >Hoping someone on the list will have some suggestions of other > >things to try... wondering if this is specific to Linux 2.0.35? > > > > Seems this is a problem with the DBM which comes with Slackware 3.6. > From many moons ago: I'd really like to know why the ndbm is broken on so many systems (including SuSE Linux). As I didn't run into the problem yet could anybody please provide a trace so the problem can be fixed in future releases ? -- Mit freundlichen Gruessen, Rolf Haberrecker SuSE GmbH, Tel: +49-911-7405331 Schanzaeckerstr. 10, Fax: +49-911-7417755 90443 Nuernberg, Email: [EMAIL PROTECTED] GermanyWWW: http://www.suse.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
