Hi there,
i know that grsec 1.9.4 isn't really up to date, but before building a new
kernel at all i want to ask first if my problem is a grsec problem.
I have apache 1.3.26 with php 4.2.3 running in a chroot enviroment.
After a couple of days (about 5) php runs out of memory. log entrys:
PHP Fatal error: Allowed memory size of 12582912 bytes exhausted (tried to allocate 42 bytes) in Unknown on line 0
Can the source of that be CHROOT_CAPS or PaX setup?
thanks for help
grsec 1.9.4 + apache 1.3.26 + php 4.2.3 -> out of memory?
6 posts
• Page 1 of 1
grsec 1.9.4 + apache 1.3.26 + php 4.2.3 -> out of memory?
by Darkman » Sat Sep 28, 2002 9:34 am
- Darkman
- Posts: 4
- Joined: Sat Sep 28, 2002 9:30 am
Re: grsec 1.9.4 + apache 1.3.26 + php 4.2.3 -> out of mem
by PaX Team » Sat Sep 28, 2002 2:49 pm
Darkman wrote:After a couple of days (about 5) php runs out of memory. log entrys:
PHP Fatal error: Allowed memory size of 12582912 bytes exhausted (tried to allocate 42 bytes) in Unknown on line 0
Can the source of that be CHROOT_CAPS or PaX setup?
speaking of PaX only, you can run out of memory only when ASLR (randomization) is in effect and a task wants to use up almost all its address space (3GB on i386). this should be easy to decide, if it's possible to catch the task that's about to run out of memory (i assume after it does it will exit, so it may not be trivial), you should stop it and post the 'cat /proc/<pid>/maps' output here. i would also note that even if this proves to be the case, there's not much we or you can do about it, your task would very likely run out of memory anyway even without ASLR.
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
by Darkman » Sat Sep 28, 2002 2:59 pm
mh, okay, chpax show me:
usr/sbin/httpd: paging based PAGE_EXEC is disabled, trampolines are not emulated, mprotect() is restricted, mmap() base is randomized, ET_EXEC base is not randomized, segmentation based PAGE_EXEC is enabled
so i have mmap randomization enabled which can be the problem, right?
It's correct that the process died if it runs out of memory ;) But not
immedially. I see serval httpd processes running with ~ 99% CPU
time and hanging around befor they die. So i will use such a process
to check the maps. After a while the process will die with a segfault.
thanks for reply
usr/sbin/httpd: paging based PAGE_EXEC is disabled, trampolines are not emulated, mprotect() is restricted, mmap() base is randomized, ET_EXEC base is not randomized, segmentation based PAGE_EXEC is enabled
so i have mmap randomization enabled which can be the problem, right?
It's correct that the process died if it runs out of memory ;) But not
immedially. I see serval httpd processes running with ~ 99% CPU
time and hanging around befor they die. So i will use such a process
to check the maps. After a while the process will die with a segfault.
thanks for reply
- Darkman
- Posts: 4
- Joined: Sat Sep 28, 2002 9:30 am
Re: grsec 1.9.4 + apache 1.3.26 + php 4.2.3 -> out of mem
by Darkman » Thu Oct 10, 2002 5:54 pm
[quote="PaX Team"]
you should stop it and post the 'cat /proc/<pid>/maps' output here.[/quote]
Okay, here we go, apache/php runs out of mem and thats how maps
look like: http://www.darkman.de/httpd.maps
(to much to post here imho.)
Any Idea?
Greets and thanks
you should stop it and post the 'cat /proc/<pid>/maps' output here.[/quote]
Okay, here we go, apache/php runs out of mem and thats how maps
look like: http://www.darkman.de/httpd.maps
(to much to post here imho.)
Any Idea?
Greets and thanks
- Darkman
- Posts: 4
- Joined: Sat Sep 28, 2002 9:30 am
Re: grsec 1.9.4 + apache 1.3.26 + php 4.2.3 -> out of mem
by PaX Team » Thu Oct 10, 2002 7:03 pm
Darkman wrote:Okay, here we go, apache/php runs out of mem and thats how maps look like: http://www.darkman.de/httpd.maps
(to much to post here imho.)
Any Idea?
hmm, what options were enabled for this process? it seems that
mprotect() restrictions were on but randomization was off. in any
case i don't see how PaX could cause an out of memory problem
(there's enough space for sbrk() and mmap() based allocations,
even if randomization was enabled in fact).
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
by Darkman » Thu Oct 10, 2002 7:18 pm
chpax shows:
chpax -v /chroot/webserver/usr/sbin/httpd
/chroot/webserver/usr/sbin/httpd: paging based PAGE_EXEC is disabled, trampolines are not emulated, mprotect() is restricted, mmap() base is not randomized, ET_EXEC base is not randomized, segmentation based PAGE_EXEC is enabled
so mprot is restricted, yes. I dunno if pax or grsec is the problem of the
out of memory, thats just a shot in the blue cause grsec is the only difference
to another maschine where it works. I still can just thank you for your
time + help :)
chpax -v /chroot/webserver/usr/sbin/httpd
/chroot/webserver/usr/sbin/httpd: paging based PAGE_EXEC is disabled, trampolines are not emulated, mprotect() is restricted, mmap() base is not randomized, ET_EXEC base is not randomized, segmentation based PAGE_EXEC is enabled
so mprot is restricted, yes. I dunno if pax or grsec is the problem of the
out of memory, thats just a shot in the blue cause grsec is the only difference
to another maschine where it works. I still can just thank you for your
time + help :)
- Darkman
- Posts: 4
- Joined: Sat Sep 28, 2002 9:30 am
6 posts
• Page 1 of 1