Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 Jun 2012 04:39:11 -0400
From:      Michael Powell <nightrecon@hotmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: apache PHP suhosin load
Message-ID:  <jrumj8$b1o$1@dough.gmane.org>
References:  <CAEFCw4uyugX6t2PEJREVZMRCnKhmBz81QXS2MGvYBX3O6-HWaQ@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
n dhert wrote:

> On FreeBSD 8.3 I have apache22 web server with PHP. PHP is PHP52 for
> compatibility with existing applications, but the most recent version
> in the php52 branch
> $ php --version
> PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May  7 2012 08:45:58)
> 
>>From time to time, I notice in a top output, that a huge number of httpd
> daemons are being started, making the load rapidly increase to levels of
> 5, 10, 15, ... and very slow interactive respons ...
> 
> Stopping apache makes the load rapidly decrease to a normal level.
> 
> I noticed at the console, at stopping apache, several messages such as
> 
> Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT
> - canary mismatch on efree() - heap overflow detected (attacker
> 'REMOTE_ADDR not set', file
> '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php',
> line 654)
> 
> (the file value differs, but it's always "suhosin .. canany mismatch
> - heap overflow detected")
> My PHP has following options set
> # cd /usr/ports/lang/php52
> 
> My PHP has following options set
> # cd /usr/ports/lang/php52
> # make showconfig
> ===> The following configuration options are available for php52-5.2.17_8:
>      CLI=on: Build CLI version
>      CGI=on: Build CGI version
>      APACHE=on: Build Apache module
>      DEBUG=off: Enable debug
>      SUHOSIN=on: Enable Suhosin protection system (not for jails)
>      MULTIBYTE=off: Enable zend multibyte support
>      IPV6=on: Enable ipv6 support
>      MAILHEAD=off: Enable mail header patch
>      REDIRECT=off: Enable force-cgi-redirect support (CGI only)
>      DISCARD=off: Enable discard-path support (CGI only)
>      FASTCGI=on: Enable fastcgi support (CGI only)
>      FPM=off: Enable fastcgi process manager (CGI only)
>      PATHINFO=on: Enable path-info-check support (CGI only)
>      LINKTHR=off: Link thread lib (for threaded extensions)
> 
> Is that heap overlow causing the trouble? Has suhosin to do something with
> it?

Most likely - yes. I noticed in your config above you built and installed the 
Apache PHP module in addition to CGI/FastCGI. If you are running Apache in a 
FastCGI mode you should check and make sure the following is indeed 
commented out like below:  

#LoadModule php5_module        libexec/apache22/libphp5.so

The general purpose meaning of this error is that PHP has detected some form 
of memory corruption. But as to why/what exactly it doesn't help much.

The general way I used to look at Apache and PHP problems was to isolate 
pieces. Like only loading the core PHP and no extensions by renaming the 
extensions.ini to extensions.ini.bak. This is bound to cause problems as 
most PHP apps today require a certain basic number of modules enabled in 
order to work. 

2 things to troubleshoot looking for a bad module: comment each out one at a 
time and restart. When you comment out the bad one you will no longer see 
the error. Another second item to be aware of is sometimes certain module 
combinations need to be loaded in extensions.ini in a specific order. 
Figuring out this order can be nightmarish, should it ever actaully be found 
to be a problem. Long time ago someone wrote a script to automate this.

I seem to have a distant memory that back in early PHP 5.2.x days I had a 
problem with the mcrypt module. Maybe try commenting that one out first. If 
you don't need it leave it that way.  I also seem to have experienced this 
error a second time, and it was from a bad interaction between Suhosin patch 
and two other build options being enabled, one was the Mailhead and I don't 
remember what the other one was(maybe it was IPv6). I found when I disabled 
these 2 things I could build with the Suhosin patch and stuff ran correctly. 

-Mike







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?jrumj8$b1o$1>