When using PHP5 with the Suhosin patch in a jail, I often get this output on my screen: Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0 Fatal error: Unknown: Failed opening required '/home/edwin/public_html/a.php' (include_path='.:/usr/local/share/pear') in Unknown on line 0 Other times it displays the right output. See also: http://www.webmasterworld.com/apache/3193113.htm http://forum.hardened-php.net/viewtopic.php?id=135 Fix: Give warning in the OPTIONS screen that the Suhosin patch shouldn't be used for PHP instances inside jails.
Responsible Changed From-To: freebsd-ports-bugs->ale Over to maintainer
uname -a output: FreeBSD webtoo-mavetju.barnet.com.au 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 08:43:30 UTC 2007 root@portnoy.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP amd64 script: nothing special, it happens about 10-20% with every script. [~] edwin@mavetju.org>cat public_html/a.php <?php //header("Content-type: text/plain; charset=UTF-8"); header("Content-Disposition: attachment; filename=\"patch-1.diff\""); //header("Content-Disposition: inline; filename=\"patch-1.diff\""); ?> Index: mtree.8 =================================================================== RCS file: /home/ncvs/src/usr.sbin/mtree/mtree.8,v retrieving revision 1.55 diff -u -r1.55 mtree.8 --- mtree.8 29 Sep 2006 17:57:03 -0000 1.55 +++ mtree.8 14 Jun 2007 00:20:56 -0000 @@ -322,6 +322,17 @@ .Sh EXIT STATUS .Ex -std .Sh EXAMPLES +To create an +.Pa /etc/mtree +style BSD.*.dist file, use +.Nm +.Fl c +.Fl d +.Fl i +.Fl n +.Fl k +.Cm uname,gname,mode,nochange. +.Pp To detect system binaries that have been ``trojan horsed'', it is recommended that .Nm [~] edwin@mavetju.org>php -v PHP 5.2.2 (cli) (built: Jun 16 2007 21:05:40) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies [~] edwin@mavetju.org>php -m [PHP Modules] date libxml Reflection standard xml [Zend Modules] No php.ini -- Edwin Groothuis | Personal website: http://www.mavetju.org edwin@mavetju.org | Weblog: http://www.mavetju.org/weblog/
State Changed From-To: open->closed Warning added.
ale 2007-06-20 06:01:50 UTC FreeBSD ports repository Modified files: lang/php4 Makefile lang/php5 Makefile Log: Add a comment about incompatibility between suhosin and FreeBSD jails. PR: ports/113748 Submitted by: edwin Revision Changes Path 1.115 +1 -1 ports/lang/php4/Makefile 1.118 +1 -1 ports/lang/php5/Makefile _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Hello, I'm running PHP 5.2.3 with Suhosin-Patch 0.9.6.2 in a FreeBSD 6.2 jail and cannot reproduce this problem. I use Lighttpd as my web server with PHP running as FastCGI. Earlier, I did notice some problems while using the APC module; the FastCGI processes would continue to run but would not respond. I couldn't track down exactly what was causing the problem so I disabled APC until I have some time to look into it. Without APC I have never noticed any problems running PHP with Suhosin under FreeBSD jails, at least not with FastCGI and CLI interfaces. - Maxim Khitrov
Can you post some more details of your jail + php + apache setup? I am not seeing your problems with Suhosin patch. I am running 6.2-RELEASE-p6 i386 with GENERIC kernel, jail inside 3GB file based disk (mdconfig) /dev/md0c on /vol0/jail/rain (ufs, local, soft-updates) devfs on /vol0/jail/rain/dev (devfs, local) apache-2.2.4_2 php5-5.2.2 php5-gd-5.2.2 php5-iconv-5.2.2 php5-mbstring-5.2.2 php5-mssql-5.2.2 php5-mysql-5.2.2 php5-pcre-5.2.2 php5-session-5.2.2 php5-sockets-5.2.2 php5-xml-5.2.2 PHP options: WITH_CLI=true WITH_CGI=true WITH_APACHE=true WITHOUT_DEBUG=true WITH_SUHOSIN=true WITH_MULTIBYTE=true WITH_IPV6=true WITH_MAILHEAD=true WITHOUT_REDIRECT=true WITHOUT_DISCARD=true WITH_FASTCGI=true WITH_PATHINFO=true Is it possible, that the problem is only related to SMP or AMD64, or something else? Miroslav Lachman
It APPEARS the APC issue has been fixed with this php.ini configuration variable: suhosin.apc_bug_workaround * Type: Boolean * Default: Off APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot first. It always uses resource slot 0. If Suhosin got this slot assigned APC will overwrite the information Suhosin stores in this slot. When this flag is set Suhosin will request 2 Slots and use the second one. This allows working correctly with these buggy APC versions. http://www.hardened-php.net/suhosin/configuration.html -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * King of Spam Filters, SC Magazine 2008 * Information Security Award 2008, Info Security Products Guide * CRN Magazine Top 40 Emerging Security Vendors _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _________________________________________________________________________