From owner-freebsd-isp Wed Mar 11 18:17:27 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA06346
          for freebsd-isp-outgoing; Wed, 11 Mar 1998 18:17:27 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from gjp.erols.com (alex-va-n008c243.moon.jic.com [206.156.18.253])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA06264
          for ; Wed, 11 Mar 1998 18:17:03 -0800 (PST)
          (envelope-from gjp@gjp.erols.com)
Received: from gjp.erols.com (localhost.erols.com [127.0.0.1])
          by gjp.erols.com (8.8.8/8.8.7) with ESMTP id VAA17182;
          Wed, 11 Mar 1998 21:16:10 -0500 (EST)
          (envelope-from gjp@gjp.erols.com)
X-Mailer: exmh version 2.0.1 12/23/97
To: "Jeffrey J. Mountin"
cc: Kevin Day , dev@wopr.inetu.net (Dev), isp@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: Runaway web server.
In-reply-to: Your message of "Wed, 11 Mar 1998 19:03:15 CST."
             <3.0.3.32.19980311190315.00752e34@156.46.92.70>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 11 Mar 1998 21:16:10 -0500
Message-ID: <17178.889668970@gjp.erols.com>
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Jeffrey J. Mountin" wrote in message ID
<3.0.3.32.19980311190315.00752e34@156.46.92.70>:
> In either case there was nothing suspicious/malicious in the logs around the
> time of the runaways, but someone did try to exploit a bug of 1.2.4 (or
> earlier?) with an invalid URL that was _really_ long, which didn't work. :)

Since Apache doesn't log until completion (either through erroring out or the
URL being delivered) it's possible it's an exploitable bug.

> At least this was only one child process on 2 different occasions, but
> considering how far both FBSD and Apache have come, it bothers me somewhat
> and now someone else has a more serious problem.

It would be really helpful if ppl experiencing this ran apache with debugging
symbols compiled in and gdb attached to the runaway process and traced it to
see what it was doing.
We can speculate until we're blue in the face, but that's all it is...

We use FreeBSD where I work too, and in a fairly heavily hit area (our POP
servers see 100 pop sessions a second, probably gone up since that figure was
calculated a few months ago). To date I haven't seen a runaway process on our
servers.

Gary
--
Gary Palmer                                    FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info