Package: php5-suhosin
Version: 0.9.31-1
Severity: normal

Hello,

the following script:

# cat test.php
<?php
ini_set("memory_limit", "256M");
echo "foobar\n";
?>

executed on the command line with the following parameters

# php5 --define memory_limit=-1 --define suhosin.memory_limit=0 test.php

leads to this syslog warning:

May 10 00:14:35 hilbert suhosin[8679]: ALERT - script tried to increase 
memory_limit to 268435456 bytes which is above the allowed value (attacker 
'REMOTE_ADDR not set', file '/home/christoph/test.php', line 3)


Suhosin should not warn because the script has the permission to use as much 
memory as it wants. The problem occurs with the same warning if I set 
memory_limit to -1 in php.ini.

I think that this bug might be responsible for the following cacti bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566609


Regards

Christoph Kling


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5-suhosin depends on:
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib
ii  php5-cgi [phpapi-20090626]    5.3.2-1    server-side, HTML-embedded scripti
ii  php5-cli [phpapi-20090626]    5.3.2-1    command-line interpreter for the p

php5-suhosin recommends no packages.

php5-suhosin suggests no packages.

-- Configuration Files:
/etc/php5/conf.d/suhosin.ini changed [not included]

-- no debconf information
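
A triage sketch for the alert quoted in the report, added here as an example and not part of the original message or of Suhosin: it re-joins syslog records that were wrapped over several lines and separates memory_limit alerts logged with no REMOTE_ADDR (command-line runs like the one reported) from those logged during web requests. The function names and the last two sample lines are constructed for illustration.

```python
import re

# Start of any syslog record: "May 10 00:14:35 host "
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ")
# Suhosin's memory_limit alert, in the form quoted in the report
ALERT = re.compile(
    r"suhosin\[\d+\]: ALERT - script tried to increase memory_limit to "
    r"(?P<bytes>\d+) bytes which is above the allowed value "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)', line (?P<line>\d+)\)"
)

# First record is the one from the report (still wrapped as in the mail);
# the web-request record and the cron record are constructed.
SAMPLE = """\
May 10 00:14:35 hilbert suhosin[8679]: ALERT - script tried to increase
memory_limit to 268435456 bytes which is above the allowed value (attacker
'REMOTE_ADDR not set', file '/home/christoph/test.php', line 3)
May 10 00:15:02 hilbert suhosin[8702]: ALERT - script tried to increase memory_limit to 536870912 bytes which is above the allowed value (attacker '192.0.2.7', file '/var/www/example.php', line 12)
May 10 00:15:03 hilbert cron[8710]: (root) CMD (constructed unrelated line)
"""

def unwrap(text):
    """Join records that a mail client or pager wrapped over several lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and (RECORD_START.match(line) or not records):
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def memory_limit_alerts(text):
    """Return one dict per memory_limit alert, marking command-line events."""
    out = []
    for rec in unwrap(text):
        m = ALERT.search(rec)
        if m:
            out.append({
                "file": m.group("file"),
                "line": int(m.group("line")),
                "requested_mib": int(m.group("bytes")) // (1024 * 1024),
                "attacker": m.group("attacker"),
                # No REMOTE_ADDR means no web request: a CLI or cron run.
                "cli": m.group("attacker") == "REMOTE_ADDR not set",
            })
    return out
```
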