Debian Bug report logs - #613345
please document session.gc_maxlifetime being set to 0 in NEWS.Debian
Reported by: Pierre Habouzit <madcoder@debian.org>
Date: Mon, 14 Feb 2011 08:48:02 UTC
Severity: normal
Found in version php5/5.3.3-7
Done: Ondřej Surý <ondrej@debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#613345; Package libapache2-mod-php5.
(Mon, 14 Feb 2011 08:48:04 GMT)
Acknowledgement sent
to Pierre Habouzit <madcoder@debian.org>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Mon, 14 Feb 2011 08:48:05 GMT)
Message #5 received at submit@bugs.debian.org:
Package: libapache2-mod-php5
Version: 5.3.3-7
Severity: grave
The last php5 upload sets session.gc_probability to 0, which means that
sessions aren't GC'ed anymore which is a possible source for DOSes
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#613345; Package libapache2-mod-php5.
(Mon, 14 Feb 2011 12:06:08 GMT)
Acknowledgement sent
to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Mon, 14 Feb 2011 12:06:08 GMT)
Message #10 received at 613345@bugs.debian.org:
close 613345
thank you
From php5-common.README.Debian:
Session storage
---------------
Session files are stored in /var/lib/php5. For security purposes, this
directory is unreadable by non-root users. This means that php5 running
from apache2, for example, will not be able to clean up stale session
files. Instead, we have a cron job run every 30 mins that cleans up
stale session files; /etc/cron.d/php5. You may need to modify how
often this runs, if you've modified session.gc_maxlifetime in your
php.ini; otherwise, it may be too lax or overly aggressive in cleaning
out stale session files.
Andres Salomon <dilinger@debian.org> Fri, 03 Sep 2004 03:12:54 -0400
On Mon, Feb 14, 2011 at 09:44, Pierre Habouzit <madcoder@debian.org> wrote:
> Package: libapache2-mod-php5
> Version: 5.3.3-7
> Severity: grave
>
> The last php5 upload sets session.gc_probability to 0, which means that
> sessions aren't GC'ed anymore which is a possible source for DOSes
>
--
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/
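
The README excerpt in the message above moves session cleanup out of PHP and into a cron job, so a silently failing job leaves stale files to accumulate. The following check is an added example, not Debian's cron job or code from this bug report: it compares file ages in the session directory against session.gc_maxlifetime. The function names are hypothetical, the "sess_" prefix is that of PHP's file-based session handler, and 1440 and 1 are PHP's stock defaults for the two settings.

```shell
#!/bin/sh
# Added example (not Debian's cron job): flag PHP session files that have
# outlived session.gc_maxlifetime, i.e. the external cleanup is not keeping up.
# Run as root against the real store, since the directory is unreadable to
# other users. Assumption: files use PHP's "sess_" file-handler prefix.

# ini_value FILE KEY DEFAULT: last uncommented numeric "KEY = N" in FILE.
# The dot in KEY is treated as a regex wildcard, which is harmless here.
ini_value() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# count_stale DIR SECONDS: number of session files older than SECONDS.
count_stale() {
    minutes=$(( ($2 + 59) / 60 ))          # find -mmin works in minutes
    find "$1" -maxdepth 1 -type f -name 'sess_*' -mmin +"$minutes" | wc -l | tr -d ' '
}

# audit INI DIR: exit status 1 when stale session files are piling up.
audit() {
    prob=$(ini_value "$1" session.gc_probability 1)      # 1 = PHP default
    life=$(ini_value "$1" session.gc_maxlifetime 1440)   # 1440 = PHP default
    stale=$(count_stale "$2" "$life")
    if [ "$stale" -gt 0 ]; then
        echo "FAIL: $stale session file(s) older than ${life}s in $2 (gc_probability=$prob)"
        if [ "$prob" -eq 0 ]; then
            echo "      in-process GC is off: check that the cleanup cron job runs"
        fi
        return 1
    fi
    echo "OK: no session file older than ${life}s in $2 (gc_probability=$prob)"
}

# Stand-alone use: sh audit.sh /path/to/php.ini /var/lib/php5
if [ "$#" -ge 2 ]; then audit "$1" "$2"; fi
```

A non-zero exit status makes the check usable from monitoring; a persistent FAIL while gc_probability is 0 means nothing is expiring sessions.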
Bug closed, send any further explanations to Pierre Habouzit <madcoder@debian.org>
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org.
(Mon, 14 Feb 2011 12:06:10 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#613345; Package libapache2-mod-php5.
(Mon, 14 Feb 2011 14:00:11 GMT)
Acknowledgement sent
to Pierre Habouzit <madcoder@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Mon, 14 Feb 2011 14:00:12 GMT)
Message #17 received at 613345@bugs.debian.org:
reopen 613345
retitle 613345 please document session.gc_maxlifetime being set to 0 in NEWS.Debian
severity 613345 normal
thanks
On Mon, Feb 14, 2011 at 01:03:44PM +0100, Ondřej Surý wrote:
> close 613345
> thank you
>
> From php5-common.README.Debian:
>
> Session storage
> ---------------
>
> Session files are stored in /var/lib/php5. For security purposes, this
> directory is unreadable by non-root users. This means that php5 running
> from apache2, for example, will not be able to clean up stale session
> files. Instead, we have a cron job run every 30 mins that cleans up
> stale session files; /etc/cron.d/php5. You may need to modify how
> often this runs, if you've modified session.gc_maxlifetime in your
> php.ini; otherwise, it may be too lax or overly aggressive in cleaning
> out stale session files.
>
> Andres Salomon <dilinger@debian.org> Fri, 03 Sep 2004 03:12:54 -0400
Why wasn't it put in NEWS.Debian ? I watch this file and wouldn't have
raised the bug if I had seen that.
This is a disruptive change that should go there.
--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org
Did not alter fixed versions and reopened.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 14 Feb 2011 14:00:13 GMT)
Changed Bug title to 'please document session.gc_maxlifetime being set to 0 in NEWS.Debian' from 'libapache2-mod-php5: gc_probability set to 0'
Request was from Pierre Habouzit <madcoder@debian.org>
to control@bugs.debian.org.
(Mon, 14 Feb 2011 14:00:14 GMT)
Severity set to 'normal' from 'grave'
Request was from Pierre Habouzit <madcoder@debian.org>
to control@bugs.debian.org.
(Mon, 14 Feb 2011 14:00:15 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#613345; Package libapache2-mod-php5.
(Mon, 14 Feb 2011 14:15:08 GMT)
Acknowledgement sent
to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Mon, 14 Feb 2011 14:15:08 GMT)
Message #28 received at 613345@bugs.debian.org:
close 613345
thank you
I am sorry, but the cron job mechanism is there from php4 4:4.3.8-8
and it's well documented in php.ini (i.e. no change has happened from
2004). I don't really see a reason why we should put it there in
NEWS.Debian now.
Ondrej
On Mon, Feb 14, 2011 at 14:57, Pierre Habouzit <madcoder@debian.org> wrote:
> reopen 613345
> retitle 613345 please document session.gc_maxlifetime being set to 0 in NEWS.Debian
> severity 613345 normal
> thanks
>
> On Mon, Feb 14, 2011 at 01:03:44PM +0100, Ondřej Surý wrote:
>> close 613345
>> thank you
>>
>> From php5-common.README.Debian:
>>
>> Session storage
>> ---------------
>>
>> Session files are stored in /var/lib/php5. For security purposes, this
>> directory is unreadable by non-root users. This means that php5 running
>> from apache2, for example, will not be able to clean up stale session
>> files. Instead, we have a cron job run every 30 mins that cleans up
>> stale session files; /etc/cron.d/php5. You may need to modify how
>> often this runs, if you've modified session.gc_maxlifetime in your
>> php.ini; otherwise, it may be too lax or overly aggressive in cleaning
>> out stale session files.
>>
>> Andres Salomon <dilinger@debian.org> Fri, 03 Sep 2004 03:12:54 -0400
>
> Why wasn't it put in NEWS.Debian ? I watch this file and wouldn't have
> raised the bug if I had seen that.
>
> This is a disruptive change that should go there.
> --
> ·O· Pierre Habouzit
> ··O madcoder@debian.org
> OOO http://www.madism.org
>
--
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/
Bug closed, send any further explanations to Pierre Habouzit <madcoder@debian.org>
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org.
(Mon, 14 Feb 2011 14:15:10 GMT)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 15 Mar 2011 07:36:49 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 03:53:13 2023;
Machine Name:
buxtehude