On 2010-01-09, <dal...@friedkin.com> wrote:
> I tried emailing the NFSen list, but the message didn't seem to get posted;
> maybe someone here can help.
>
> NFSen is installed and working on OpenBSD/amd64 4.6-stable box, but I'm seeing
> errors that concern me. It seems the httpd processes crash and restart
> periodically. The symptom is that sometimes the images don't load.

There was an incompatibility between an update to PHP and the Suhosin PHP patches/extension which we're using by default. This will definitely be responsible for the segfaults and very possibly also the canary mismatches.

For a proper fix you need PHP built with a newer Suhosin patchset; you can either fetch a -stable ports tree and rebuild PHP, or move to -current, then you can use packages.

To work around it you can set 'suhosin.session.encrypt = off' in php.ini; this controls whether Suhosin encrypts session data files before they're stored on disk (rather useful to stop other users snooping on session files on a webserver shared between many users, but for this particular scenario you might not mind this being disabled).

> /var/log/messages:
> Dec 30 12:43:50 bsd suhosin[8177]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '172.16.103.93', file '/nfsen/nfsen.php')
> Dec 30 12:45:54 bsd suhosin[25505]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '172.16.103.93', file '/nfsen/rrdgraph.php')
>
> /var/log/daemon:
> Dec 30 12:40:00 bsd /usr/local/bin/nfcapd[27655]: Ident: 'router-a' Flows: 59226, Packets: 4291111, Bytes: 1499443099, Sequence Errors: 561, Bad Packets: 0
> Dec 30 12:40:00 bsd /usr/local/bin/nfcapd[155]: Ident: 'router-b' Flows: 19650, Packets: 291815, Bytes: 118356398, Sequence Errors: 0, Bad Packets: 0
> Dec 30 12:40:01 bsd /usr/local/bin/nfcapd[10026]: Ident: 'router-c' Flows: 4350, Packets: 137826, Bytes: 30433517, Sequence Errors: 0, Bad Packets: 0
> Dec 30 12:45:00 bsd /usr/local/bin/nfcapd[27655]: Ident: 'router-a' Flows: 60408, Packets: 2594703, Bytes: 1021079600, Sequence Errors: 590, Bad Packets: 0
> Dec 30 12:45:00 bsd /usr/local/bin/nfcapd[155]: Ident: 'router-b' Flows: 19320, Packets: 765136, Bytes: 292342858, Sequence Errors: 0, Bad Packets: 0
> Dec 30 12:45:00 bsd /usr/local/bin/nfcapd[10026]: Ident: 'router-c' Flows: 4800, Packets: 630851, Bytes: 78055611, Sequence Errors: 0, Bad Packets: 0
>
> /var/log/nfsen:
> Dec 30 12:43:34 bsd nfsen[22713]: nfsend: Got SIGUSR1
> Dec 30 12:43:34 bsd nfsen[22713]: Signal comm server to terminate
> Dec 30 12:43:35 bsd nfsen[26369]: Quit comm server.
> Dec 30 12:43:35 bsd nfsen[26369]: Cleanup plugins
> Dec 30 12:43:35 bsd nfsen[26369]: Comm server terminated: [26369].
> Dec 30 12:43:35 bsd nfsen[22713]: expected exit of child Comm Server[26369]. Process died.
> Dec 30 12:43:35 bsd nfsen[22713]: Restart /usr/local/bin/nfsend
> Dec 30 12:43:36 bsd nfsen[22713]: Startup. Version: 1.3.2 $Id: nfsend 14 2009-06-10 08:07:06Z haag $
> Dec 30 12:43:36 bsd nfsen[22291]: nfsend: [22291]
> Dec 30 12:43:36 bsd nfsen[28699]: Comm server started: [28699]
> Dec 30 12:43:36 bsd nfsen[28699]: Loading plugin 'PortTracker': Success
> Dec 30 12:43:36 bsd nfsen[28699]: PortTracker: Init
> Dec 30 12:43:36 bsd nfsen[28699]: Initializing plugin 'PortTracker': Success
> Dec 30 12:43:36 bsd nfsen[28699]: plugin 'PortTracker': Profile plugin: 0, Alert condition plugin: 0, Alert action plugin: 0
> Dec 30 12:43:36 bsd nfsen[28699]: No site specific lookup module found
> Dec 30 12:43:37 bsd nfsen[22291]: Run periodic at Wed Dec 30 12:40:00 2009
> Dec 30 12:43:37 bsd nfsen[22291]: No update required. Last successful update was Wed Dec 30 12:35:00 2009
> Dec 30 12:43:37 bsd nfsen[22291]: Run expire at Wed Dec 30 12:40:00 2009
> Dec 30 12:43:37 bsd nfsen[22291]: End expire at Wed Dec 30 12:40:00 2009
> Dec 30 12:43:50 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:43:50 bsd nfsen[28699]: comm server started: 247
> Dec 30 12:43:50 bsd nfsen[247]: Cmd Decode: get-globals
> Dec 30 12:43:50 bsd nfsen[247]: Cmd Decode: get-du
> Dec 30 12:43:50 bsd nfsen[247]: comm child[4620] terminated with no exit value
> Dec 30 12:43:50 bsd nfsen[247]: Cmd Decode: get-profile
> Dec 30 12:43:50 bsd nfsen[247]: Cmd Decode: quit
> Dec 30 12:43:50 bsd nfsen[28699]: comm child[247] terminated with no exit value
> Dec 30 12:44:15 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:15 bsd nfsen[28699]: comm server started: 20672
> Dec 30 12:44:15 bsd nfsen[20672]: Cmd Decode: get-globals
> Dec 30 12:44:15 bsd nfsen[20672]: Cmd Decode: get-du
> Dec 30 12:44:15 bsd nfsen[20672]: comm child[21819] terminated with no exit value
> Dec 30 12:44:15 bsd nfsen[20672]: Cmd Decode: get-profile
> Dec 30 12:44:15 bsd nfsen[20672]: Cmd Decode: quit
> Dec 30 12:44:15 bsd nfsen[28699]: comm child[20672] terminated with no exit value
> Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 29839
> Dec 30 12:44:18 bsd nfsen[29839]: Cmd Decode: get-globals
> Dec 30 12:44:18 bsd nfsen[29839]: Cmd Decode: get-du
> Dec 30 12:44:18 bsd nfsen[29839]: comm child[19020] terminated with no exit value
> Dec 30 12:44:18 bsd nfsen[29839]: Cmd Decode: get-profile
> Dec 30 12:44:18 bsd nfsen[29839]: Cmd Decode: quit
> Dec 30 12:44:18 bsd nfsen[28699]: comm child[29839] terminated with no exit value
> Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 7567
> Dec 30 12:44:18 bsd nfsen[7567]: Cmd Decode: get-picture
> Dec 30 12:44:18 bsd nfsen[28699]: comm child[7567] terminated with no exit value
> Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 14230
> Dec 30 12:44:18 bsd nfsen[14230]: Cmd Decode: get-picture
> Dec 30 12:44:18 bsd nfsen[28699]: comm child[14230] terminated with no exit value
> Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 30773
> Dec 30 12:44:18 bsd nfsen[30773]: Cmd Decode: get-picture
> Dec 30 12:44:18 bsd nfsen[28699]: comm child[30773] terminated with no exit value
> Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:18 bsd nfsen[12659]: Cmd Decode: get-picture
> Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 12659
> Dec 30 12:44:18 bsd nfsen[28699]: comm child[12659] terminated with no exit value
> Dec 30 12:44:19 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:19 bsd nfsen[28699]: comm server started: 25466
> Dec 30 12:44:19 bsd nfsen[25466]: Cmd Decode: get-picture
> Dec 30 12:44:19 bsd nfsen[28699]: comm child[25466] terminated with no exit value
> Dec 30 12:44:20 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:20 bsd nfsen[28699]: comm server started: 32649
> Dec 30 12:44:20 bsd nfsen[32649]: Cmd Decode: get-picture
> Dec 30 12:44:20 bsd nfsen[28699]: comm child[32649] terminated with no exit value
> Dec 30 12:44:20 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:20 bsd nfsen[28699]: comm server started: 1356
> Dec 30 12:44:20 bsd nfsen[1356]: Cmd Decode: get-picture
> Dec 30 12:44:20 bsd nfsen[28699]: comm child[1356] terminated with no exit value
> Dec 30 12:44:21 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:21 bsd nfsen[28699]: comm server started: 14868
> Dec 30 12:44:21 bsd nfsen[14868]: Cmd Decode: get-picture
> Dec 30 12:44:21 bsd nfsen[28699]: comm child[14868] terminated with no exit value
> Dec 30 12:44:21 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:21 bsd nfsen[28699]: comm server started: 19042
> Dec 30 12:44:21 bsd nfsen[19042]: Cmd Decode: get-picture
> Dec 30 12:44:21 bsd nfsen[28699]: comm child[19042] terminated with no exit value
> Dec 30 12:44:21 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:21 bsd nfsen[28699]: comm server started: 21012
> Dec 30 12:44:21 bsd nfsen[21012]: Cmd Decode: get-picture
> Dec 30 12:44:21 bsd nfsen[28699]: comm child[21012] terminated with no exit value
> Dec 30 12:44:21 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:21 bsd nfsen[28699]: comm server started: 4741
> Dec 30 12:44:21 bsd nfsen[4741]: Cmd Decode: get-picture
> Dec 30 12:44:21 bsd nfsen[28699]: comm child[4741] terminated with no exit value
> Dec 30 12:44:22 bsd nfsen[28699]: connection on UNIX socket
> Dec 30 12:44:22 bsd nfsen[28699]: comm server started: 31416
> Dec 30 12:44:22 bsd nfsen[31416]: Cmd Decode: get-picture
> Dec 30 12:44:22 bsd nfsen[28699]: comm child[31416] terminated with no exit value
>
> /var/www/logs/error_log:
> [Wed Dec 30 12:43:50 2009] [error] ALERT - canary mismatch on efree() - heap overflow detected (attacker '172.16.103.93', file '/nfsen/nfsen.php')
> [Wed Dec 30 12:44:19 2009] [notice] child pid 26379 exit signal Segmentation fault (11)
> [Wed Dec 30 12:44:19 2009] [notice] child pid 31453 exit signal Segmentation fault (11)
> [Wed Dec 30 12:44:19 2009] [notice] child pid 17886 exit signal Segmentation fault (11)
> [Wed Dec 30 12:44:19 2009] [notice] child pid 24757 exit signal Segmentation fault (11)
> [Wed Dec 30 12:44:19 2009] [notice] child pid 18624 exit signal Segmentation fault (11)
> [Wed Dec 30 12:44:19 2009] [notice] child pid 14999 exit signal Segmentation fault (11)
> [Wed Dec 30 12:44:20 2009] [notice] child pid 9317 exit signal Segmentation fault (11)
> [Wed Dec 30 12:44:21 2009] [notice] child pid 8716 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:23 2009] [notice] child pid 27216 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:24 2009] [notice] child pid 26615 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:24 2009] [notice] child pid 1741 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:29 2009] [notice] child pid 4000 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:29 2009] [notice] child pid 28261 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:29 2009] [notice] child pid 30546 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:29 2009] [notice] child pid 29486 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:29 2009] [notice] child pid 21494 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:29 2009] [notice] child pid 6498 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:29 2009] [notice] child pid 22171 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 29606 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 16008 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 10739 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 4137 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 1433 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 20453 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 10722 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 22315 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 20619 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 32217 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 32265 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 20392 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 7813 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 4377 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:33 2009] [notice] child pid 31670 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 15880 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 25293 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 3920 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 25766 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 161 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 12423 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 3733 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 24224 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 7508 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 6928 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:38 2009] [notice] child pid 10552 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:49 2009] [notice] child pid 22538 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:49 2009] [notice] child pid 28196 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:49 2009] [notice] child pid 11695 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [error] ALERT - canary mismatch on efree() - heap overflow detected (attacker '172.16.103.93', file '/nfsen/rrdgraph.php')
> [Wed Dec 30 12:45:54 2009] [notice] child pid 10757 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 17924 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 3450 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 24701 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 17469 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 3825 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 17640 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 16060 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 31052 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 25870 exit signal Segmentation fault (11)
> [Wed Dec 30 12:45:54 2009] [notice] child pid 16887 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:01 2009] [notice] child pid 29915 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:01 2009] [notice] child pid 28015 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:01 2009] [notice] child pid 12559 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:01 2009] [notice] child pid 17733 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:01 2009] [notice] child pid 27716 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:01 2009] [notice] child pid 7892 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:03 2009] [notice] child pid 3917 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:03 2009] [notice] child pid 28738 exit signal Segmentation fault (11)
> [Wed Dec 30 12:46:03 2009] [notice] child pid 23338 exit signal Segmentation fault (11)
>
> installed packages:
> # pkg_info
> GeoIP-1.4.6  find the country where IP address/hostname originates from
> arc-5.21op1  create & extract files from DOS .ARC files
> autoconf-2.61p3  automatically configure source code on many Un*x platforms
> bzip2-1.0.5  block-sorting file compressor, unencumbered
> calamaris-2.59  proxy-cache-servers logfiles analizer
> flow-tools-0.68p1  cisco NetFlow utilities
> flowd-0.9.1  NetFlow collector
> freetype-1.3.1p3  free and portable TrueType font rendering engine
> gd-2.0.35  library for dynamic creation of images
> gettext-0.17p0  GNU gettext
> gmp-4.3.1  library for arbitrary precision arithmetic
> jpeg-6bp5  IJG's JPEG compression utilities
> lha-1.14i.ac20050924.1  archive files using LZW compression (.lzh files)
> libart-2.3.20p0  high-performance 2D graphics library
> libdnet-1.10p3  portable low-level networking library
> libiconv-1.13  character set conversion library
> libltdl-1.5.26  GNU libtool system independent dlopen wrapper
> libtool-1.5.26p0  generic shared library support script
> libxml-2.6.32p2  XML parsing library
> lua-5.1.4p0  powerful, light-weight programming language
> metaauto-0.9  wrapper for gnu auto*
> net-snmp-5.4.2.1p1  extendable SNMP implementation
> nfdump-1.5.8  tools to collect and process netflow data
> nfprofile-1.5.8  filters data from nfdump according to profiles
> p5-Crypt-DES-2.05p1  interface to the DES encryption algorithm
> p5-Digest-HMAC-1.01p0  interface to HMAC Message-Digest Algorithms
> p5-Digest-SHA1-2.12  module to calculate SHA1 digests
> p5-GD-2.41  module to interface with the GD graphics library
> p5-GD-Graph-1.43p0  module for graph plotting
> p5-GD-TextUtil-0.86p0  text utilities for use with GD drawing package
> p5-IO-INET6-2.01p0  object interface for AF_INET and AF_INET6 domain sockets
> p5-Net-SNMP-5.2.0  Perl modules to access SNMP
> p5-RRD-1.2.30  perl interface to librrd
> p5-SNMP_Session-1.12  provides rudimentary access to remote SNMP agents
> p5-Socket6-0.22  Perl defines relating to AF_INET6 sockets
> pcre-7.9  perl-compatible regular expression library
> pear-1.7.2  base classes for common PHP tasks
> pear-utils-1.7.2  utilities for managing pear extensions
> php5-core-5.2.10  server-side HTML-embedded scripting language
> php5-gd-5.2.10-no_x11  image manipulation extensions for php5
> png-1.2.35  library for manipulating PNG images
> python-2.5.4p1  interpreted object-oriented programming language
> rrdtool-1.2.30  system to store and display time-series data
> sqlite3-3.6.13p0  embedded SQL implementation
> squid-2.7.STABLE6  WWW and FTP proxy cache and accelerator
> t1lib-5.1.0p1  Type 1 rasterizer library for UNIX/X11
> unzip-5.52p0  extract, list & test files in a ZIP archive
> webalizer-2.01.10p7  web server log file analysis program
> zoo-2.10.1p1  handle the old .ZOO archive format
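
One way to confirm that rebuilding PHP or setting 'suhosin.session.encrypt = off' actually stopped the crashes is to tally the Suhosin alerts and httpd segfaults in /var/www/logs/error_log before and after the change. The script below is an added example, not part of the original thread; the function names `unwrap` and `summarize` are hypothetical, and the sample is a few records from the error_log excerpt quoted above, kept in their mail-wrapped form.

```python
import re
from collections import Counter
from datetime import datetime

# Records taken from the error_log excerpt quoted in the thread (mail-wrapped).
SAMPLE = """\
> [Wed Dec 30 12:43:50 2009] [error] ALERT - canary mismatch on efree() - heap
> overflow detected (attacker '172.16.103.93', file '/nfsen/nfsen.php')
> [Wed Dec 30 12:44:19 2009] [notice] child pid 26379 exit signal Segmentation
> fault (11)
> [Wed Dec 30 12:44:19 2009] [notice] child pid 31453 exit signal Segmentation
> fault (11)
> [Wed Dec 30 12:45:54 2009] [error] ALERT - canary mismatch on efree() - heap
> overflow detected (attacker '172.16.103.93', file '/nfsen/rrdgraph.php')
> [Wed Dec 30 12:45:54 2009] [notice] child pid 10757 exit signal Segmentation
> fault (11)
"""

ALERT = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] ALERT - (?P<what>.+?) "
                   r"\(attacker '(?P<client>[^']*)', file '(?P<file>[^']*)'\)")
SEGV = re.compile(r"^\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) "
                  r"exit signal Segmentation fault \(11\)")

def unwrap(text):
    """Rejoin records split by mail wrapping; every record starts with '['."""
    records = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()  # drop quote prefix if present
        if not line:
            continue
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line      # continuation of previous record
    return records

def summarize(text):
    """Count alerts per (message, client, script) and segfaults per minute."""
    alerts, segv = Counter(), Counter()
    for rec in unwrap(text):
        m = ALERT.match(rec)
        if m:
            alerts[(m["what"], m["client"], m["file"])] += 1
            continue
        m = SEGV.match(rec)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            segv[ts.strftime("%Y-%m-%d %H:%M")] += 1
    return alerts, segv

if __name__ == "__main__":
    alerts, segv = summarize(SAMPLE)
    for key, n in alerts.items():
        print(n, *key)
    for minute, n in sorted(segv.items()):
        print(minute, "segfaults:", n)
```

Run it against the real log by passing the file contents to `summarize()`; after the fix, both counters should stay empty for new timestamps.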