Bug 113748
| Summary: | lang/php5 with Suhosin patch fails in jails. | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | edwin |
| Component: | Individual Port(s) | Assignee: | Alex Dupre <ale> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
Responsible Changed From-To: freebsd-ports-bugs->ale Over to maintainer uname -a output:
FreeBSD webtoo-mavetju.barnet.com.au 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 08:43:30 UTC 2007 root@portnoy.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP amd64
script: nothing special, it happens about 10-20% with every script.
[~] edwin@mavetju.org>cat public_html/a.php
<?php
//header("Content-type: text/plain; charset=UTF-8");
header("Content-Disposition: attachment; filename=\"patch-1.diff\"");
//header("Content-Disposition: inline; filename=\"patch-1.diff\"");
?>
Index: mtree.8
===================================================================
RCS file: /home/ncvs/src/usr.sbin/mtree/mtree.8,v
retrieving revision 1.55
diff -u -r1.55 mtree.8
--- mtree.8 29 Sep 2006 17:57:03 -0000 1.55
+++ mtree.8 14 Jun 2007 00:20:56 -0000
@@ -322,6 +322,17 @@
.Sh EXIT STATUS
.Ex -std
.Sh EXAMPLES
+To create an
+.Pa /etc/mtree
+style BSD.*.dist file, use
+.Nm
+.Fl c
+.Fl d
+.Fl i
+.Fl n
+.Fl k
+.Cm uname,gname,mode,nochange.
+.Pp
To detect system binaries that have been ``trojan horsed'', it is recommended
that
.Nm
[~] edwin@mavetju.org>php -v
PHP 5.2.2 (cli) (built: Jun 16 2007 21:05:40)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
[~] edwin@mavetju.org>php -m
[PHP Modules]
date
libxml
Reflection
standard
xml
[Zend Modules]
No php.ini
--
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin@mavetju.org | Weblog: http://www.mavetju.org/weblog/
State Changed From-To: open->closed Warning added. ale 2007-06-20 06:01:50 UTC
FreeBSD ports repository
Modified files:
lang/php4 Makefile
lang/php5 Makefile
Log:
Add a comment about incompatibility between suhosin and FreeBSD jails.
PR: ports/113748
Submitted by: edwin
Revision Changes Path
1.115 +1 -1 ports/lang/php4/Makefile
1.118 +1 -1 ports/lang/php5/Makefile
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Hello, I'm running PHP 5.2.3 with Suhosin-Patch 0.9.6.2 in a FreeBSD 6.2 jail and cannot reproduce this problem. I use Lighttpd as my web server with PHP running as FastCGI. Earlier, I did notice some problems while using the APC module; the FastCGI processes would continue to run but would not respond. I couldn't track down exactly what was causing the problem so I disabled APC until I have some time to look into it. Without APC I have never noticed any problems running PHP with Suhosin under FreeBSD jails, at least not with FastCGI and CLI interfaces. - Maxim Khitrov Can you post some more details of your jail + php + apache setup? I am not seeing your problems with Suhosin patch. I am running 6.2-RELEASE-p6 i386 with GENERIC kernel, jail inside 3GB file based disk (mdconfig) /dev/md0c on /vol0/jail/rain (ufs, local, soft-updates) devfs on /vol0/jail/rain/dev (devfs, local) apache-2.2.4_2 php5-5.2.2 php5-gd-5.2.2 php5-iconv-5.2.2 php5-mbstring-5.2.2 php5-mssql-5.2.2 php5-mysql-5.2.2 php5-pcre-5.2.2 php5-session-5.2.2 php5-sockets-5.2.2 php5-xml-5.2.2 PHP options: WITH_CLI=true WITH_CGI=true WITH_APACHE=true WITHOUT_DEBUG=true WITH_SUHOSIN=true WITH_MULTIBYTE=true WITH_IPV6=true WITH_MAILHEAD=true WITHOUT_REDIRECT=true WITHOUT_DISCARD=true WITH_FASTCGI=true WITH_PATHINFO=true Is it possible, that the problem is only related to SMP or AMD64, or something else? Miroslav Lachman It APPEARS the APC issue has been fixed with this php.ini configuration
variable:
suhosin.apc_bug_workaround
*
Type: Boolean
*
Default: Off
APC 3.0.12(p1/p2) uses reserved resources without requesting a resource
slot first. It always uses resource slot 0. If Suhosin got this slot
assigned APC will overwrite the information Suhosin stores in this slot.
When this flag is set Suhosin will request 2 Slots and use the second
one. This allows working correctly with these buggy APC versions.
http://www.hardened-php.net/suhosin/configuration.html
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* King of Spam Filters, SC Magazine 2008
* Information Security Award 2008, Info Security Products Guide
* CRN Magazine Top 40 Emerging Security Vendors
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
|
When using PHP5 with the Suhosin patch in a jail, I often get this output on my screen: Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0 Fatal error: Unknown: Failed opening required '/home/edwin/public_html/a.php' (include_path='.:/usr/local/share/pear') in Unknown on line 0 Other times it displays the right output. See also: http://www.webmasterworld.com/apache/3193113.htm http://forum.hardened-php.net/viewtopic.php?id=135 Fix: Give warning in the OPTIONS screen that the Suhosin patch shouldn't be used for PHP instances inside jails.