[php-maint] Bug#549492: php5-cgi causes segmention fault (fix)
Vincent Caron
vcaron at bearstech.com
Thu Oct 29 14:26:58 UTC 2009
Good news,
I have been able to suppress all my php5-cgi segfaults, I simply
installed the 'php5-suhosin' package, reloaded Apache, and done (Lenny
AMD64, up-to-date).
The backtraces above suggests that the suhosin_patch tries to log some
security violation information and lookup some PHP internals which do
not seem to be reachable at this point, like the REMOTE_ADDR env used to
log the client IP address. Maybe the Suhosin module is vital to setup
its security log or something like that (sorry for being vague, I'm
talking about intuitions...)
Installing php5-suhosin is not as transparent as the doc suggests. I
tought this module would only act as a gateway to tune the suhosin_patch
which is already built into PHP5 SAPIs. And not change its behaviour
upon installation since all parameters in /etc/php5/conf.d/suhosin are
commented out.
But for instance, on servers where safe_mode=off, the
suhosin.memory_limit=0 takes effect uppon php5-suhosin installation and
suddenly scripts cannot raise the memory_limit barrier with ini_set().
Maybe I misread the doc, I was a bit in a hurry.
> are you at all able to reproduce the issue with a simple script (or
> perhaps by a second script which loops around calling the first until
> it crashes?)
Sorry, nope. I tried a few snippets on a server which should be
impacted by this problem but could not have PHP segfault. I can hardly
use xdebug on the platform I just fixed, it's very busy and uses a
custom and complex PHP framework, I d'ont expect to get any interesting
trace there.
Hint: my impacted platforms were Etch systems dist-upgraded to Lenny.
I'm not sure if it's specific to this criterion, but maybe it's worth
mentioning.
More information about the pkg-php-maint
mailing list