[apparmor] Fun with mod_apparmor + keepalive + iOS
Kees Cook
kees at ubuntu.com
Thu Jul 16 16:39:25 UTC 2015
Hi Walter,
Anything new with this? I have a similar hat mismatch, but I've never been
able to reproduce it. Did you manage to get strace output?
Thanks!
-Kees
On Thu, Apr 23, 2015 at 09:25:04AM +0200, Walter Hop wrote:
> On 23 Apr 2015, at 01:46, Steve Beattie <steve at nxnw.org> wrote:
> >
> > I also am unable to see this script, as a mod_security firewall(?) seems
> > to block it.
>
>
> Oops sorry. That ModSecurity rule against PHP source leakage… It’s nothing special, just replays the GET requests to the server, without even reading from the socket. I’ll paste it here.
>
> I’ll try to get syscall traces this week. I’m pretty sure the problem will appear when having only 1 Apache child, so it should be easy to do. Thanks to both for listening! :)
>
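> <?php
>
> // Replay recorded GET requests over one keep-alive connection,
> // pausing between writes and never reading the responses.
> function replay(array $requests, $slowdownfactor, $host, $port = 80)
> {
>     $fp = fsockopen($host, $port);
>     if (!$fp) {
>         exit("Could not connect to $host:$port\n");
>     }
>
>     foreach ($requests as $request) {
>         // Each entry is a pair: a delay value and the raw request text.
>         list($sleep, $get) = $request;
>
>         $usleep = round($sleep * $slowdownfactor);
>         echo "Sleeping $usleep usec... ";
>
>         usleep($usleep);
>
>         // Pull the URI out of "GET <uri> HTTP/1.1" for display only.
>         $uri = substr($get, 4, strpos($get, " HTTP/1.1") - 4);
>         echo "Getting $uri\n";
>
>         // A failed write means the server closed the connection.
>         if (!fwrite($fp, $get)) {
>             exit("Yay! Connection was broken!\n");
>         }
>     }
>     fclose($fp);
> }
>
> $inputfile = 'requests.json';
> $host = 'ubuntutest';
> $slowdownfactor = 400000; # must be between 150000 - 800000 for a 100% successful reproduce
>
> $requests = json_decode(file_get_contents($inputfile));
> replay($requests, $slowdownfactor, $host);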
>
> --
> Walter Hop | PGP key: https://lifeforms.nl/pgp
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Kees Cook