[apparmor] Fun with mod_apparmor + keepalive + iOS

[Walter Hop]

On 23 Apr 2015, at 01:46, Steve Beattie <steve at nxnw.org> wrote:
> 
> I also am unable to see this script, as a mod_security firewall(?) seems
> to block it.


Oops sorry. That ModSecurity rule against PHP source leakage… It’s nothing special, just replays the GET requests to the server, without even reading from the socket. I’ll paste it here.

I’ll try to get syscall traces this week. I’m pretty sure the problem will appear when having only 1 Apache child, so it should be easy to do. Thanks to both for listening! :)

<?php

function replay(array $requests, $slowdownfactor, $host, $port = 80)
{
    $fp = fsockopen($host, $port);

    foreach ($requests as $request) {
        list($sleep, $get) = $request;

        $usleep = round($sleep * $slowdownfactor);
        echo "Sleeping $usleep usec... ";

        usleep($usleep);

        $uri = substr($get, 4, strpos($get, " HTTP/1.1") - 4);
        echo "Getting $uri\n";

        if (!fwrite($fp, $get)) {
            exit("Yay! Connection was broken!\n");
        }
    }
    fclose($fp);
}

$inputfile = 'requests.json';
$host = 'ubuntutest';
$slowdownfactor = 400000; # must be between 150000 - 800000 for a 100% successful reproduce

$requests = json_decode(file_get_contents($inputfile));
replay($requests, $slowdownfactor, $host);

-- 
Walter Hop | PGP key: https://lifeforms.nl/pgp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150423/c13db3f3/attachment.html>