Potential DoS in cgi.rb with apache & mod_fastcgi

[Xavier]

Hi Group,

I am getting many errors like the following in my apache logs:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

This error occurs whenever the client breaks the connection.
The fastcgi process logs the error and exits with an untrapped signal 6
error message.

This can lead to a DoS because mod_fastcgi will stop spawning fcgi's
whenever processes have failed to keep running for at least 30 seconds.

How could I either prevent cgi.rb from breaking or trap and recover from
the signal 6?
A simple Signal.trap(6) does not work, e.g.

FCGI.each_cgi do |cgi|
Signal.trap(6){exit(2)}
do_CGI(cgi)
end

does not catch the signal.


Any help greatly appreciated,
Xavier

 

[Eric Hodel]

--Apple-Mail-54--461035622
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed

Hi Group,

I am getting many errors like the following in my apache logs:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

This error occurs whenever the client breaks the connection.
The fastcgi process logs the error and exits with an untrapped signal 6
error message.

Attach a debugger, and you will see what fcgi.so is doing wrong (errno
is not set properly).

This can lead to a DoS because mod_fastcgi will stop spawning fcgi's
whenever processes have failed to keep running for at least 30 seconds.

How could I either prevent cgi.rb from breaking or trap and recover
from
the signal 6?

You don't. This is Ruby saying "I don't know what's wrong, so I'm
freaking out and dying here and now."

I sent a patch to moonwolf some time ago, but he has not responded...

It turned out that patch is wrong, but I haven't had time to write the
correct patch. On line 158 of fcgi.c (0.8.5) err needs to be copied to
errno so rb_sys_fail works correctly.

--
Eric Hodel - (e-mail address removed) - http://segment7.net
FEC2 57F1 D465 EB15 5D6E 7C11 332A 551C 796C 9F04

--Apple-Mail-54--461035622
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFB9tQQMypVHHlsnwQRAlPyAJ4hDjjwoLy5H/omZPralduUuD9+MgCgwWGE
u5IZnhMplVhSvrbeDOjGcqk=
=9NKQ
-----END PGP SIGNATURE-----

--Apple-Mail-54--461035622--

 

[Kent Sibilev]

I also noticed that this happens only on FreeBSD. I've never seen this
problem since we moved to Linux.

Cheers,
Kent.

Hi Group,

I am getting many errors like the following in my apache logs:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

This error occurs whenever the client breaks the connection.
The fastcgi process logs the error and exits with an untrapped signal
6
error message.

Attach a debugger, and you will see what fcgi.so is doing wrong (errno
is not set properly).

This can lead to a DoS because mod_fastcgi will stop spawning fcgi's
whenever processes have failed to keep running for at least 30
seconds.

How could I either prevent cgi.rb from breaking or trap and recover
from
the signal 6?

You don't. This is Ruby saying "I don't know what's wrong, so I'm
freaking out and dying here and now."

I sent a patch to moonwolf some time ago, but he has not responded...

It turned out that patch is wrong, but I haven't had time to write the
correct patch. On line 158 of fcgi.c (0.8.5) err needs to be copied
to errno so rb_sys_fail works correctly.

 

[Xavier]

Hi Group,

I am getting many errors like the following in my apache logs:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

This error occurs whenever the client breaks the connection.
The fastcgi process logs the error and exits with an untrapped signal 6
error message.

Attach a debugger, and you will see what fcgi.so is doing wrong (errno
is not set properly).

This can lead to a DoS because mod_fastcgi will stop spawning fcgi's
whenever processes have failed to keep running for at least 30 seconds.

I sent a patch to moonwolf some time ago, but he has not responded...

It turned out that patch is wrong, but I haven't had time to write the
correct patch. On line 158 of fcgi.c (0.8.5) err needs to be copied to
errno so rb_sys_fail works correctly.

Thanks Eric.
Your hint helped me solve the problem.
More tests after a good night of sleep

Thanks 100x,
Xavier

 

[Thursday]

I also noticed that this happens only on FreeBSD. I've never seen this
problem since we moved to Linux.

Cheers,
Kent.

This problem is also in Linux (i686-Linux) according to Xavier's log:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

I hope this gets fixed before some idiot goes around crashing all the
rubyonrails sites that depend on mod_fastcgi.

ALL: Please post a 'diff -ruN' patch for the fix just in case an
updated version isn't released for a while.