high cpu-utilization with apache2 and modsecurity2
Hi there,

I have a problem with the mod_security2 module for apache in openSUSE Leap 15.2. After activating the module and mpm-prefork, the CPU utilization increases in stages until it reaches 100 percent. It doesn't matter whether modsecurity is running in detection-only or blocking mode, nor if the core rule set is enabled or not.

With the switch to mpm-event it seems to be better. Utilization is also increasing in peaks but lowering down after a while. But the following errors are showing in the apache error log:

*** Error in `/usr/sbin/httpd-event': corrupted size vs. prev_size: 0x00007fd624019d50 ***
*** Error in `/usr/sbin/httpd-event': double free or corruption (out): 0x00007fd65001bc70 ***

They're going away when I disable the security2 module. I'm suspicious about a bug in the apache2 package and/or the mod_security2 package.

installed versions:
apache2: 2.4.43-lp152.2.6.1
apache2-event: 2.4.43-lp152.2.9.1
apache2-mod_security2: 2.9.2-lp152.3.7

I'm not sure if this is for a bug report, so here's the question whether someone has similar experiences and/or ideas for a solution.

Thanks for that and best regards
Andreas

Hello,

On Monday, 18 January 2021, 17:51:15 CET, Andreas Juretzka wrote:

> *** Error in `/usr/sbin/httpd-event': corrupted size vs. prev_size: 0x00007fd624019d50 ***
> *** Error in `/usr/sbin/httpd-event': double free or corruption (out): 0x00007fd65001bc70 ***
>
> They're going away when I disable the security2 module. I'm suspicious about a bug in the apache2 package and/or the mod_security2 package.

I never used mod_security, but your error messages indicate a serious bug, which could in the worst case even be exploitable. I'd strongly recommend opening a bug report.

(Just a guess: The high CPU load could be the httpd-event process crashing and being restarted again and again. But that's a side effect - get the corruption and double free fixed, and this side effect will vanish.)

> I'm not sure if this is for a bug report, [...]

As a general rule of thumb - whenever you ask yourself "should I report this as a bug", the typical answer is "yes" ;-)

Regards,

Christian Boltz
--
The system clock on the machine with SuSE8.1 runs about 10 minutes fast every day. Is this a disease? Did you ever take the machine to Zimbabwe? Bush fever? [> Matthias Dort and Thilo Alfred Bätzig in suse-linux]