On 2012-05-03, at 12:42 PM, Paul Gevers wrote:

On 03-05-12 00:38, Francois Beaulieu wrote:
It appears to be solved upstream:

Which part?

I have not had a chance to verify it personally, but they seem to no longer use 
ini_set within cmd.php or other cacti php scripts, according to the notes. This 
would mean that we would not need to modify the scripts to add --define 
suhosin.memory_limit to script calls.


This change (revision 5717) never made it completely to the 0.8.X branch
and remained in main. They did make nearly the same change to the 0.8.7
branch in revision 5743 (April 2010), without the configuration part.

Has it made it into v0.8.8? The case notes certainly indiciate that it did.

- on which version of cacti did you do your verifications?

I have not tested against any versions other than the v0.8.7g provided by 

- do we still need the --define suhosin.memory_limit lines, even if a
proper memory_limit is set by cacti's scripts? As I understand it, yes,
or are those suhosin limits taken from the php memory_limit?

We will need to define suhosin.memory_limit in all versions that don't include 
the fix. From my understanding of the fix, users may also need to add it 
manually to the scripts in the fixed version if they define a non-standard 
memory_limit in config.pgp. However, since by default the memory_limit will be 
fixed to 512M globally, no script will use ini_set to increase its memory, and 
suhosin will thus no longer complain even when suhosin.memory_limit isn't 
defined. This is my understanding, but is untested, so it may be wrong. (I have 
no time to set up and est a non-debian version right now.)

François Beaulieu
 | Web: www.securebyknowledge.com<http://www.securebyknowledge.com/>

Reply via email to