RE: [mod-security-users] Chroot and worker MPM?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
RE: [mod-security-users] Chroot and worker MPM?
|
From: Jeff T. <jt...@es...> - 2005-07-11 13:46:17
|
Ivan, Great, Thanks. Let me know if you'd like my help in testing this. I = agree that the multi-threaded MPM and ModSecurity's internal chroot = should make for a good combination. Jeff -----Original Message----- From: Ivan Ristic [mailto:iv...@we...]=20 Sent: Monday, July 11, 2005 5:15 AM To: Jeff Tharp Cc: mod...@li... Subject: Re: [mod-security-users] Chroot and worker MPM? Jeff Tharp wrote: > I'm getting a weird error when configuring chroot using SecChrootDir=20 > and using the worker MPM. Hoping someone else has ran across this=20 > before and has some ideas. >=20 > Versions are as follows: Red Hat Enterprise Linux v4, Apache 2.0.54,=20 > ModSecurity 1.8.7 > > ... > > libgcc_s.so.1 must be installed for pthread_cancel to work [Thu Jul 07 = > 17:07:11 2005] [notice] child pid 3428 exit signal Aborted > (6) I can confirm the same happens with stock 2.0.54 on Fedora Core 1, although my Apache does not segfault. It appears that the required library libgcc_s.so.1 is not loaded before chroot takes place (and it certainly cannot be loaded afterwards). Moving the library into jail worked for me. I placed it into ~/apache2/lib. What also worked is an attempt to load the library before chroot takes place, from mod_security itself (by creating a thread that does nothing.) I've made a TODO note for myself to see if this hack is portable at all, or whether it can be #ifdef-ed. Getting it to work would be really nice, because the internal chroot measure would work really well for a multithreaded Apache working as a reverse proxy only. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source = web application firewall - http://www.modsecurity.org -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.12/46 - Release Date: 7/11/2005 =20 --=20 No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.12/46 - Release Date: 7/11/2005 =20 |
