I been seeing weird issues with open basedir in 4.4.x and others have also got another bug report going, my bug report keeps been marked as bogus tho the devs are refusing to believe their is a problem that randomly surfaces.
open_basedir
- Thread starter thoroughfare
- Start date
duke28
Verified User
but its the same problem with php5
but its work if i put in the PHP.INI
open_basedir = /home
so now the person is limited to /home ..
its working on the php.ini but not in the virtual host..
but its work if i put in the PHP.INI
open_basedir = /home
so now the person is limited to /home ..
its working on the php.ini but not in the virtual host..
duke28
Verified User
i found PHP CGI dont allow openbase_dir in virtual host..
just PHP CLI can do this..
but not normal..
just PHP CLI can do this..
but not normal..
There is some weird issue with open_basedir on DA.
We have been running open_basedir on 157 sites on cpanel for years and never had an issue. The moment we moved those sites to DA and enforced open_basedir restrictions on the same, identical websites the following errors were noticed in the logs;
Thousands of these over the course of a month;
[Mon Oct 16 03:32:04 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Oct 16 03:32:04 2006] [notice] Accept mutex: flock (Default: flock)
[Mon Oct 16 03:47:09 2006] [notice] child pid 60218 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:01 2006] [notice] child pid 60267 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:03 2006] [notice] child pid 60260 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:06 2006] [notice] child pid 60213 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:09 2006] [notice] child pid 60214 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:14 2006] [notice] child pid 60219 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:18 2006] [notice] child pid 60603 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:23 2006] [notice] child pid 60266 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:27 2006] [notice] child pid 60268 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:32 2006] [notice] child pid 60265 exit signal Illegal instruction (4)
We searched for almost a month to find the cause of this issue almost restoring our OS. One last and final thing we did not do was remove open_basedir from all the sites.
The moment we did that, Apache stopped seagulfing and core dumping. Not one single illegal instruction message in the logs files after that.
So the 1 million dollar question is this. What is do different between Cpanel and DA open_basedir protection? There should be no difference as we never had Apache issues on Cpanel but under DA we do.
Something is not right with this. If you have 157 website not core dumping Apache on Cpanel then they should not be core dumping Apache on DA unless the open_basedir protection on DA and the way it modified httpd.conf for each virtual site is hosed somewhere.
We almost went out of our minds to find out why these errors were appearing. Can you believe we searched for the cause for 26 days straight? Even got DA involved and they couldnt work out the problem. It was simple. Remove OBD on all sites but that really doesnt explain why Apache core dumps. Doesnt happen on Cpanel.
In order to enforce it on sites we have to do it site by site then watch the logs. What a time consuming chore that will be. Cant image which application on which web site could be the culprit as most people simply run everyday applications and mostly forums. PHPBBS, Invisions and Vbulletin have never causes these issue under OBD. At least not on cpanel.
We have been running open_basedir on 157 sites on cpanel for years and never had an issue. The moment we moved those sites to DA and enforced open_basedir restrictions on the same, identical websites the following errors were noticed in the logs;
Thousands of these over the course of a month;
[Mon Oct 16 03:32:04 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Oct 16 03:32:04 2006] [notice] Accept mutex: flock (Default: flock)
[Mon Oct 16 03:47:09 2006] [notice] child pid 60218 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:01 2006] [notice] child pid 60267 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:03 2006] [notice] child pid 60260 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:06 2006] [notice] child pid 60213 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:09 2006] [notice] child pid 60214 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:14 2006] [notice] child pid 60219 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:18 2006] [notice] child pid 60603 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:23 2006] [notice] child pid 60266 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:27 2006] [notice] child pid 60268 exit signal Illegal instruction (4)
[Mon Oct 16 03:56:32 2006] [notice] child pid 60265 exit signal Illegal instruction (4)
We searched for almost a month to find the cause of this issue almost restoring our OS. One last and final thing we did not do was remove open_basedir from all the sites.
The moment we did that, Apache stopped seagulfing and core dumping. Not one single illegal instruction message in the logs files after that.
So the 1 million dollar question is this. What is do different between Cpanel and DA open_basedir protection? There should be no difference as we never had Apache issues on Cpanel but under DA we do.
Something is not right with this. If you have 157 website not core dumping Apache on Cpanel then they should not be core dumping Apache on DA unless the open_basedir protection on DA and the way it modified httpd.conf for each virtual site is hosed somewhere.
We almost went out of our minds to find out why these errors were appearing. Can you believe we searched for the cause for 26 days straight? Even got DA involved and they couldnt work out the problem. It was simple. Remove OBD on all sites but that really doesnt explain why Apache core dumps. Doesnt happen on Cpanel.
In order to enforce it on sites we have to do it site by site then watch the logs. What a time consuming chore that will be. Cant image which application on which web site could be the culprit as most people simply run everyday applications and mostly forums. PHPBBS, Invisions and Vbulletin have never causes these issue under OBD. At least not on cpanel.
Last edited:
toml
Verified User
I assume your Cpanel servers were running the same exact version of Apache and PHP on the same OS. Otherwise, I don't think it is fair to try to put the blame on DA. All DA does is package a few scripts to compile Apache/PHP and other modules together.
Illegal instructions usually happen when the system tries to run data as code. This commonly happens when the stack gets overwritten by some bad code. More than likely it is a bug in the version of PHP or some other module loaded in Apache.
The fact that open_basedir causes it to work, might make it appear that is the cause of the problem. The real problem is still happening. Only without the open_basedir, the stack is not getting overwritten, some other memory is in a more benign way.
Doing my search, I saw a few references to upgrade to a snapshot of Php. I wasn't paying attention to the version being used there, but that could be the problem.
Illegal instructions usually happen when the system tries to run data as code. This commonly happens when the stack gets overwritten by some bad code. More than likely it is a bug in the version of PHP or some other module loaded in Apache.
The fact that open_basedir causes it to work, might make it appear that is the cause of the problem. The real problem is still happening. Only without the open_basedir, the stack is not getting overwritten, some other memory is in a more benign way.
Doing my search, I saw a few references to upgrade to a snapshot of Php. I wasn't paying attention to the version being used there, but that could be the problem.
OBD is OBD doenst really matters which OS your running. If it doesnt work the site will surely know about it. In this case the site owner was never told of any error otherwise they would have reportedi. Instead. OBD was kicking these erorrs. In fact, on Cpanel we has 8 additional modules compiled into php. We have 8 less than we did on cpanel and the same identical version of php and Apache is running now. The only different being cpanel was being run of Freebsd 5.4 while we are running 6.1 on multiple servers under DA. We run the exact config on 5 others DA servers and this is the only server that producing those errors under OBD. On our other boxes we are running Safe mode and OBD on all boxes. No issues. OBD and Safe mode is disabled on just one box due to errors.
toml
Verified User
I really does matter what OS you are running. If you know anything about programming on mulitple platforms, you would know that. I have seen many times code that runs perfect on Solaris fails on AIX or works perfect on HP-UX but fails on Solaris. They all map the stack and heap differently and that is why you see these differences when you have a null or unitialized pointer. If all the other DA servers are the same exact OS/Apache/Php and it runs fine, then I would try updating the OS and rebuilding the customapache and see if that fixes the problem.pucky said:
We were running Apache 1.3.37 incarnation package on Freebsd 5.4. Today we are running 1.3.37 on Freebsd 6.1 with issues. Maybe its Freebsd maybe its bad code. Wonder why Cpanel never kicked these errors. In any event, we will start adding OBD back on all sites page by page until we start seeing these errors again. Hopefully we can track down the site and find out what they are running.