Debian Bug report logs - #668157
provide proper memory_limit in /etc/php5/cli/php.ini


Package: php5-cli; Maintainer for php5-cli is (unknown);

Reported by: David Herbert <david@deadbattery.co.uk>

Date: Sun, 24 Jan 2010 03:48:02 UTC

Severity: normal

Fixed in versions php5/5.4.4-7, 5.4.4-14

Done: Ondřej Surý <ondrej@sury.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Sean Finney <seanius@debian.org>:
Bug#566609; Package cacti. (Sun, 24 Jan 2010 03:48:09 GMT) (full text, mbox, link).


Acknowledgement sent to David Herbert <david@deadbattery.co.uk>:
New Bug report received and forwarded. Copy sent to Sean Finney <seanius@debian.org>. (Sun, 24 Jan 2010 03:48:09 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: David Herbert <david@deadbattery.co.uk>
To: submit@bugs.debian.org
Subject: [cacti] Logs are filling up with suhosin alerts about cacti trying to increase memory_limit
Date: Sun, 24 Jan 2010 03:42:13 +0000
Package: cacti
Version: 0.8.7e-1.1
Severity: normal

--- Please enter the report below this line. ---

Every five mins I'm getting the following in the logs:

Jan 24 03:30:02 turnip suhosin[7858]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '/usr/share/cacti/site/poller.php', line 171)
Jan 24 03:30:02 turnip suhosin[7861]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '/usr/share/cacti/site/cmd.php', line 33)

--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.32-trunk-686

Debian Release: squeeze/sid
  500 testing         security.debian.org
  500 testing         ftp.uk.debian.org
  500 testing         debian-multimedia.fx-services.com

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.
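
The alerts quoted in the report above can be tallied per script to see how much memory each one requests and whether a candidate suhosin.memory_limit (such as the 512M suggested later in this thread) would still be exceeded. This is an added example, not part of the bug log and not code from cacti or suhosin; the sample log is constructed from the report's two alerts rejoined onto single lines plus one made-up cron line, and `summarise_alerts`, `to_bytes` and `still_blocked` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample: the report's two alerts on single lines, plus an unrelated cron line.
SAMPLE_LOG = """\
Jan 24 03:30:02 turnip suhosin[7858]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '/usr/share/cacti/site/poller.php', line 171)
Jan 24 03:30:02 turnip suhosin[7861]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '/usr/share/cacti/site/cmd.php', line 33)
Jan 24 03:30:02 turnip CRON[7850]: (www-data) CMD (php /usr/share/cacti/site/poller.php)
"""

ALERT_RE = re.compile(
    r"suhosin\[\d+\]: ALERT - script tried to increase memory_limit to "
    r"(?P<bytes>\d+) bytes which is above the allowed value "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)', line (?P<line>\d+)\)"
)
UNITS = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}  # PHP ini size suffixes

def summarise_alerts(log_text):
    """Return {(file, line): {"count", "max_bytes", "cli"}} for memory_limit alerts."""
    summary = defaultdict(lambda: {"count": 0, "max_bytes": 0, "cli": True})
    for raw in log_text.splitlines():
        m = ALERT_RE.search(raw)
        if not m:
            continue  # some other syslog line
        entry = summary[(m["file"], int(m["line"]))]
        entry["count"] += 1
        entry["max_bytes"] = max(entry["max_bytes"], int(m["bytes"]))
        # 'REMOTE_ADDR not set' means no web request was involved (cron/CLI run).
        entry["cli"] = entry["cli"] and m["attacker"] == "REMOTE_ADDR not set"
    return dict(summary)

def to_bytes(value):
    """Convert PHP shorthand ('512M') or a plain byte count to an integer."""
    value = value.strip().upper()
    if value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)

def still_blocked(summary, candidate_limit):
    """Files whose largest request is above the candidate limit."""
    limit = to_bytes(candidate_limit)
    return sorted(f for (f, _line), e in summary.items() if e["max_bytes"] > limit)

if __name__ == "__main__":
    for (path, line), e in summarise_alerts(SAMPLE_LOG).items():
        print(f"{path}:{line} x{e['count']} wants {e['max_bytes'] // UNITS['M']}M cli={e['cli']}")
```
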







Information forwarded to debian-bugs-dist@lists.debian.org, Sean Finney <seanius@debian.org>:
Bug#566609; Package cacti. (Tue, 04 May 2010 18:27:03 GMT) (full text, mbox, link).


Acknowledgement sent to "Christoph Kling" <christoph@familiekling.de>:
Extra info received and forwarded to list. Copy sent to Sean Finney <seanius@debian.org>. (Tue, 04 May 2010 18:27:03 GMT) (full text, mbox, link).


Message #10 received at 566609@bugs.debian.org (full text, mbox, reply):

From: "Christoph Kling" <christoph@familiekling.de>
To: "Debian Bug Tracking System" <566609@bugs.debian.org>
Subject: Re: Logs are filling up with suhosin alerts about cacti trying to increase memory_limit
Date: Tue, 4 May 2010 20:25:08 +0200
Package: cacti
Version: 0.8.7e-3
Severity: normal

*** Please type your report below this line. ***


Hello,

I've tried the following to solve the problem:

#:/etc/cron.d# cat cacti 
MAILTO=root
*/5 * * * * www-data php --define memory_limit=-1 --define suhosin.memory_limit=0 /usr/share/cacti/site/poller.php >/dev/null 2>/var/log/cacti/poller-error.log

I added --define memory_limit=-1 --define suhosin.memory_limit=0 but
nevertheless, the alert messages do not disappear. My /etc/php5/cli/php.ini
contains as well memory_limit=-1 and the suhosin config file in
/etc/php5/conf.d does include suhosin.memory_limit=0. So why are there still
alerts? Is this a suhosin bug?


Regards
Christoph Kling

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages cacti depends on:
ii  apache2-mpm-worker [ht 2.2.15-3          Apache HTTP Server - high speed th
ii  dbconfig-common        1.8.46            common framework for packaging dat
ii  debconf [debconf-2.0]  1.5.32            Debian configuration management sy
ii  libphp-adodb           5.10-1            The ADOdb database abstraction lay
ii  mysql-client-5.1 [virt 5.1.45-1          MySQL database client binaries
ii  php5                   5.3.2-1           server-side, HTML-embedded scripti
ii  php5-cli               5.3.2-1           command-line interpreter for the p
ii  php5-mysql             5.3.2-1           MySQL module for php5
ii  php5-snmp              5.3.2-1           SNMP module for php5
ii  rrdtool                1.4.3-1           time-series data storage and displ
ii  snmp                   5.4.2.1~dfsg-5+b1 SNMP (Simple Network Management Pr
ii  ucf                    3.0025            Update Configuration File: preserv

Versions of packages cacti recommends:
ii  iputils-ping                3:20100214-1 Tools to test the reachability of
ii  logrotate                   3.7.8-6      Log rotation utility
ii  mysql-server-5.1 [mysql-ser 5.1.45-1     MySQL database server binaries

Versions of packages cacti suggests:
pn  php5-ldap                     <none>     (no description available)

-- debconf information:
  cacti/password-confirm: (password omitted)
  cacti/app-password-confirm: (password omitted)
  cacti/mysql/admin-pass: (password omitted)
  cacti/mysql/app-pass: (password omitted)
  cacti/db/app-user: cacti
  cacti/mysql/admin-user: root
* cacti/webserver: Apache2
  cacti/mysql/method: unix socket
  cacti/remote/host:
  cacti/upgrade-error: abort
  cacti/dbconfig-upgrade: true
  cacti/internal/skip-preseed: false
  cacti/remote/newhost:
  cacti/purge: false
  cacti/missing-db-package-error: abort
  cacti/database-type: mysql
  cacti/remove-error: abort
  cacti/db/dbname: cacti
  cacti/upgrade-backup: true
  cacti/install-error: abort
  cacti/internal/reconfiguring: false
  cacti/passwords-do-not-match:
  cacti/dbconfig-remove:
* cacti/dbconfig-install: true
  cacti/remote/port:
  cacti/dbconfig-reinstall: false




Information forwarded to debian-bugs-dist@lists.debian.org, Sean Finney <seanius@debian.org>:
Bug#566609; Package cacti. (Fri, 15 Apr 2011 16:18:03 GMT) (full text, mbox, link).


Acknowledgement sent to Francois Beaulieu <francois.beaulieu@securebyknowledge.com>:
Extra info received and forwarded to list. Copy sent to Sean Finney <seanius@debian.org>. (Fri, 15 Apr 2011 16:18:03 GMT) (full text, mbox, link).


Message #15 received at 566609@bugs.debian.org (full text, mbox, reply):

From: Francois Beaulieu <francois.beaulieu@securebyknowledge.com>
To: "566609@bugs.debian.org" <566609@bugs.debian.org>
Subject: Re: Logs are filling up with suhosin alerts about cacti trying to increase memory_limit
Date: Fri, 15 Apr 2011 12:08:20 -0400
This isn't a suhosin bug, as it is simply doing what it is supposed to be doing.

The log messages can be fixed by changing the memory_limit in /etc/php5/cli/php.ini to a hard limit above 512M, or it can be fixed by changing the suhosin.memory_limit to 512M or more. (Or by uninstalling php5-suhosin...)

The root cause of this problem is that php5-common recommends the installation of php5-suhosin while at the same time setting the memory_limit in /etc/php5/cli/php.ini to -1 and setting the suhosin.memory_limit to 0 by default. These settings are mutually incompatible. I suggest you file a bug on php5-common, but I presume that it will be filed as WontFix based on this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582384

--
François Beaulieu, CISSP
Conseiller principal / Senior Consultant
Secure by Knowledge
+1 (514) 667-0691 ext 2061
francois.beaulieu@securebyknowledge.com


Information forwarded to debian-bugs-dist@lists.debian.org, Sean Finney <seanius@debian.org>:
Bug#566609; Package cacti. (Fri, 15 Apr 2011 19:45:03 GMT) (full text, mbox, link).


Acknowledgement sent to Francois Beaulieu <francois.beaulieu@securebyknowledge.com>:
Extra info received and forwarded to list. Copy sent to Sean Finney <seanius@debian.org>. (Fri, 15 Apr 2011 19:45:03 GMT) (full text, mbox, link).


Message #20 received at 566609@bugs.debian.org (full text, mbox, reply):

From: Francois Beaulieu <francois.beaulieu@securebyknowledge.com>
To: "566609@bugs.debian.org" <566609@bugs.debian.org>
Subject: Re: Bug#566609: Logs are filling up with suhosin alerts about cacti trying to increase memory_limit
Date: Fri, 15 Apr 2011 15:38:55 -0400
More precisely, I believe the proper fix would be to set the memory_limit in /etc/php5/cli/php.ini to a proper system-wide value (not -1), and to add "--define suhosin.memory_limit=512M" to the cacti poller command in /etc/cron.d/cacti.

--
François Beaulieu, CISSP
Conseiller principal / Senior Consultant
Secure by Knowledge
+1 (514) 667-0691 ext 2061
francois.beaulieu@securebyknowledge.com


Information forwarded to debian-bugs-dist@lists.debian.org, Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>:
Bug#566609; Package cacti. (Mon, 09 Apr 2012 11:06:14 GMT) (full text, mbox, link).


Acknowledgement sent to Paul Gevers <paul@climbing.nl>:
Extra info received and forwarded to list. Copy sent to Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>. (Mon, 09 Apr 2012 11:06:18 GMT) (full text, mbox, link).


Message #25 received at 566609@bugs.debian.org (full text, mbox, reply):

From: Paul Gevers <paul@climbing.nl>
To: control@bugs.debian.org, 566609@bugs.debian.org
Subject: bug not in cacti
Date: Mon, 09 Apr 2012 13:03:13 +0200
clone 566609 -1
reassign -1 php5-cli
retitle -1 provide proper memory_limit in /etc/php5/cli/php.ini
retitle 566609 add suhosin.memory_limit in /etc/cron.d/cacti
thanks

Sorry for not responding for such a long time.

Question, does this "--define suhosin.memory_limit=512M" also work if
php5-suhosin is not installed? I.e. does it break systems that don't use it?

Paul


Bug 566609 cloned as bug 668157 Request was from Paul Gevers <paul@climbing.nl> to control@bugs.debian.org. (Mon, 09 Apr 2012 11:06:28 GMT) (full text, mbox, link).


Bug reassigned from package 'cacti' to 'php5-cli'. Request was from Paul Gevers <paul@climbing.nl> to control@bugs.debian.org. (Mon, 09 Apr 2012 11:06:29 GMT) (full text, mbox, link).


No longer marked as found in versions cacti/0.8.7e-1.1 and cacti/0.8.7e-3. Request was from Paul Gevers <paul@climbing.nl> to control@bugs.debian.org. (Mon, 09 Apr 2012 11:06:29 GMT) (full text, mbox, link).


Changed Bug title to 'provide proper memory_limit in /etc/php5/cli/php.ini' from '[cacti] Logs are filling up with suhosin alerts about cacti trying to increase memory_limit' Request was from Paul Gevers <paul@climbing.nl> to control@bugs.debian.org. (Mon, 09 Apr 2012 11:06:30 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#668157; Package php5-cli. (Wed, 02 May 2012 22:39:05 GMT) (full text, mbox, link).


Acknowledgement sent to Francois Beaulieu <francois.beaulieu@securebyknowledge.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Wed, 02 May 2012 22:39:05 GMT) (full text, mbox, link).


Message #38 received at 668157@bugs.debian.org (full text, mbox, reply):

From: Francois Beaulieu <francois.beaulieu@securebyknowledge.com>
To: "668157@bugs.debian.org" <668157@bugs.debian.org>
Subject: Bug#668157: memory_limit cannot be set to -1 when php5-suhosin is installed.
Date: Wed, 2 May 2012 18:37:51 -0400
Having the memory_limit set to -1 in /etc/php5/cli/php.ini while running php5-suhosin will cause the logs to fill up with error messages every time a php script attempts to grow its memory limit using php_ini().

Therefore, it is recommended to set the global limit to a reasonable value and define suhosin.memory_limit to the required value in any script that requires more memory than the global limit. If this cannot be done for backward compatibility reasons, then I suggest to remove the "Suggests: php5-suhosin" from php5-common.

Thanks,
François Beaulieu


Reply sent to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility. (Fri, 04 Jul 2014 12:12:52 GMT) (full text, mbox, link).


Notification sent to David Herbert <david@deadbattery.co.uk>:
Bug acknowledged by developer. (Fri, 04 Jul 2014 12:12:52 GMT) (full text, mbox, link).


Message #43 received at 668157-done@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>
To: 648424-done@bugs.debian.org, 636146-done@bugs.debian.org, 637212-done@bugs.debian.org, 645340-done@bugs.debian.org, 647475-done@bugs.debian.org, 668157-done@bugs.debian.org, 668928-done@bugs.debian.org, 684110-done@bugs.debian.org, 691917-done@bugs.debian.org, 703109-done@bugs.debian.org, 705350-done@bugs.debian.org, 706091-done@bugs.debian.org, 715513-done@bugs.debian.org, 724817-done@bugs.debian.org, 668597-done@bugs.debian.org, 612364-done@bugs.debian.org, 507401-done@bugs.debian.org, 674685-done@bugs.debian.org, 499031-done@bugs.debian.org, 580232-done@bugs.debian.org, 674476-done@bugs.debian.org
Subject: Closing bugs filled against php5 in oldstable
Date: Fri, 04 Jul 2014 14:09:04 +0200
Version: 5.4.4-14

Hey all,

I am closing the bugs that were filed against php5 5.3 in Debian oldstable
(well and earlier)...

Feel free to reopen the bug if you can reproduce it with php5 from current
stable Debian release.

Cheers,
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server



Marked as fixed in versions php5/5.4.4-7. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Wed, 09 Jul 2014 09:03:31 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 07 Aug 2014 07:32:49 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 02:07:46 2023; Machine Name: buxtehude
