Go Beyond

Written by Teran McKinney
/ About Me / Half-time Remote DevOps/Systems Engineer /

AskTeran: Corgie-caused Apache Segfaults

Question: How much static would it take to cause segfaults in Apache while not causing issues with the underlying hardware if I gave my corgi Sir Butters the Stout a static causing harness?

I admit, it took me some time to understand the full parameters of this question. To make it easier on all of us, I will reiterate the requirements and objects at my disposal: Sir Butters the Stout, a Corgi dog. A static causing harness, worn by said Corgi. Static electricity. A server, running Apache.

Requirements: Use statically charged Corgi to cause Apache to produce a segmentation fault. The Linux kernel must continue running to produce a true segmentation fault, and not merely crash. The hardware must not be damaged. Find what amount of static this is.

So first, what exactly is a segmentation fault?

Wikipedia says: "A segmentation fault (often shortened to segfault), bus error or access violation is generally an attempt to access memory that the CPU cannot physically address. It occurs when the hardware notifies an operating system about a memory access violation."

At this point, my strongest guess is that a bit flip is the most ideal way to induce this. If a MOV or other instruction can operate on 0xfeadbeefcafef00d rather than 0xdeadbeefcafef00d, it should throw an exception. While Apache may sporatically segfault on its own without a statically charged Corgi or other reasons, the Corgi must induce this through X amount of static, consistently and reliably.

Bit flips are quite common through cosmic rays and other factors. But can mere static cause a bit flip? Unfortunately, I have found no research saying exactly such, except for claims of 1,500 extra votes through means of static electricity.

So, I'm uncertain this would work through research. Yet, feeling rather adventurous, here's how I would attempt to appease the gods of science. Setup an older, Pentium 3 machine with several dimms of non-ECC memory. There is no swap enabled. The chip order would be 128MB, 512MB, 128MB. At boot time, I dd random data to /dev/shm, which is tmpfs mounted. I do this until buffers, cache, and used memory totals near 128MB. I start Apache with PHP, serving a Wordpress site. I check to see the current memory usage, and the chip order. I attach a gator clip to the first or second chip which is most likely to be servicing Apache child handling. I attach the gator clip to an otherwise ungrounded steel mesh plate, held outside of the case with plastic. Between the gator clip and the mesh plate, I run an oscilloscope running as an amp and volt meter set in the thousands of voltages range.

I equip the Cogi with a wool sweater, and run a dehumidifier in the room for several hours. I use a laser pointer to remotely control the Corgi, pointing it at carpeted floor, then back to the steel mesh to discharge the static. While doing this, I run siege from a box in the same LAN. Wordpress tops out at 3 requests per second, as usual.

From this, if it works, I would see the coloumbs of static charge required for Sir Butters the Stout to induce a segfault in Apache. I would also rerun the test without the Corgi several times back and forth, to reproduce reliably and be certain it was the static. When I find a required duration on the carpet, I don't exceed it to keep the hardware from being shocked excessively due to raised static build-up.

If this does not work, I would point the laser pointer at the case and have the static more rapidly discharged, resulting in shock to Sir Butters. Sir Butters would violnetly attack the server in response. When he manages to cause enough harm for Apache to segfault, I would throw a dog treat before he caused serious damage.

One final option would be to to create a statically activated button which changed the vhost configuration inside Apache to point to a doc root with Magento, rather than Wordpress. This should instantly and reliably induce the segfault for Apache, while not harming the server aside from excessive disk thrashing.

I would recommend employing this practice in RHCA testing to ensure that candidates thoroughly understand Corgi intrusion on Linux machines."




Share on Voat.