Potential DoS in cgi.rb with apache & mod_fastcgi

ruby-talk
1

Hi Group,

I am getting many errors like the following in my apache logs:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

This error occurs whenever the client breaks the connection.
The fastcgi process logs the error and exits with an untrapped signal 6
error message.

This can lead to a DoS because mod_fastcgi will stop spawning fcgi's
whenever processes have failed to keep running for at least 30 seconds.

How could I either prevent cgi.rb from breaking or trap and recover from
the signal 6?
A simple Signal.trap(6) does not work, e.g.

FCGI.each_cgi do |cgi|
   Signal.trap(6){exit(2)}
   do_CGI(cgi)
end

does not catch the signal.

Any help greatly appreciated,
Xavier

2

Hi Group,

I am getting many errors like the following in my apache logs:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

This error occurs whenever the client breaks the connection.
The fastcgi process logs the error and exits with an untrapped signal 6
error message.

Attach a debugger, and you will see what fcgi.so is doing wrong (errno is not set properly).

This can lead to a DoS because mod_fastcgi will stop spawning fcgi's
whenever processes have failed to keep running for at least 30 seconds.

How could I either prevent cgi.rb from breaking or trap and recover from
the signal 6?

You don't. This is Ruby saying "I don't know what's wrong, so I'm freaking out and dying here and now."

I sent a patch to moonwolf some time ago, but he has not responded...

It turned out that patch is wrong, but I haven't had time to write the correct patch. On line 158 of fcgi.c (0.8.5) err needs to be copied to errno so rb_sys_fail works correctly.

PGP.sig (186 Bytes)

···

On 25 Jan 2005, at 14:30, Xavier wrote:

--
Eric Hodel - drbrain@segment7.net - http://segment7.net
FEC2 57F1 D465 EB15 5D6E 7C11 332A 551C 796C 9F04

3

I also noticed that this happens only on FreeBSD. I've never seen this problem since we moved to Linux.

Cheers,
Kent.

···

On Jan 25, 2005, at 6:20 PM, Eric Hodel wrote:

On 25 Jan 2005, at 14:30, Xavier wrote:

Hi Group,

I am getting many errors like the following in my apache logs:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

This error occurs whenever the client breaks the connection.
The fastcgi process logs the error and exits with an untrapped signal 6
error message.

Attach a debugger, and you will see what fcgi.so is doing wrong (errno is not set properly).

This can lead to a DoS because mod_fastcgi will stop spawning fcgi's
whenever processes have failed to keep running for at least 30 seconds.

How could I either prevent cgi.rb from breaking or trap and recover from
the signal 6?

You don't. This is Ruby saying "I don't know what's wrong, so I'm freaking out and dying here and now."

I sent a patch to moonwolf some time ago, but he has not responded...

It turned out that patch is wrong, but I haven't had time to write the correct patch. On line 158 of fcgi.c (0.8.5) err needs to be copied to errno so rb_sys_fail works correctly.

--
Eric Hodel - drbrain@segment7.net - http://segment7.net
FEC2 57F1 D465 EB15 5D6E 7C11 332A 551C 796C 9F04

4

Thanks Eric.
Your hint helped me solve the problem.
More tests after a good night of sleep :slight_smile:

Thanks 100x,
Xavier

···

On Wed, 26 Jan 2005 08:20:29 +0900, Eric Hodel wrote:

On 25 Jan 2005, at 14:30, Xavier wrote:

Hi Group,

I am getting many errors like the following in my apache logs:

/usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
ruby 1.8.2 (2004-12-25) [i686-linux]

This error occurs whenever the client breaks the connection.
The fastcgi process logs the error and exits with an untrapped signal 6
error message.

Attach a debugger, and you will see what fcgi.so is doing wrong (errno
is not set properly).

This can lead to a DoS because mod_fastcgi will stop spawning fcgi's
whenever processes have failed to keep running for at least 30 seconds.

I sent a patch to moonwolf some time ago, but he has not responded...

It turned out that patch is wrong, but I haven't had time to write the
correct patch. On line 158 of fcgi.c (0.8.5) err needs to be copied to
errno so rb_sys_fail works correctly.

5

Kent Sibilev wrote:

I also noticed that this happens only on FreeBSD. I've never seen this problem since we moved to Linux.

Cheers,
Kent.

This problem is also in Linux (i686-Linux) according to Xavier's log:

   /usr/lib/ruby/1.8/cgi.rb:725: [BUG] rb_sys_fail() - errno == 0
   ruby 1.8.2 (2004-12-25) [i686-linux]

I hope this gets fixed before some idiot goes around crashing all the rubyonrails sites that depend on mod_fastcgi.

ALL: Please post a 'diff -ruN' patch for the fix just in case an updated version isn't released for a while.