[Pkg-cacti-maint] Bug#566609: Bug#566609: bug not in cacti

Paul Gevers paul at climbing.nl
Thu May 3 18:28:29 UTC 2012


> I have not had a chance to verify it personally, but they seem to no
> longer use ini_set within cmd.php or other cacti php scripts, according
> to the notes. This would mean that we would not need to modify the
> scripts to add --define suhosin.memory_limit to script calls.
> 
>>>> http://bugs.cacti.net/view.php?id=1583
>>
>> This change (revision 5717) never made it completely to the 0.8.X branch
>> and remained in main. They did make nearly the same change to the 0.8.7
>> branch in revision 5743 (April 2010), without the configuration part.
> 
> Has it made it into v0.8.8? The case notes certainly indicate that it did.

(My typo, the original revision was 5617 [1])

Well, the biggest part went into 0.8.7something, except for the
possibility to configure the limit and the fact that the ini_set was
done in global.php instead of the two last scripts. Reading from the
diffs, there are two scripts left that use ini_set:

paul at stromboli ~/cacti/cacti $ grep -n ini_set\(\"memory_limit *
cmd.php:64:ini_set("memory_limit", "512M");
poller.php:211:ini_set("memory_limit", "512M");

> I have not tested against any versions other than the v0.8.7g provided
> by Debian.

The "changes" were already included in that version. So your tests are
the same for 0.8.8.

> We will need to define suhosin.memory_limit in all versions that don't
> include the fix. From my understanding of the fix, users may also need
> to add it manually to the scripts in the fixed version if they define a
> non-standard memory_limit in config.php. However, since by default the
> memory_limit will be fixed to 512M globally, no script will use ini_set
> to increase its memory, and suhosin will thus no longer complain even
> when suhosin.memory_limit isn't defined. This is my understanding, but
> is untested, so it may be wrong. (I have no time to set up and test a
> non-Debian version right now.)

See my comments above. But even if global.php would set the
memory_limit, the issue would still be there, wouldn't it? I.e. asking
the cacti developers to port the changes in 5617 wouldn't really help
anyway.

By the way, from your proposed solution: the fact that a php script can
call (via command line) another php script while setting the
suhosin.memory_limit defeats the purpose of suhosin quite a bit, doesn't
it? Seems like a hole in the system.

Paul

[1] http://svn.cacti.net/viewvc?view=rev&revision=5617
