Comment 5 for bug 315507
Revision history for this message
| StephenA (steve-atty) wrote Re: Unable to remove Suhosin patch | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
The problem is that adding anything suhosin related to the php.ini file does not seem to work.
Joomla and WPMU and other PHP applications regularly seem to cause FATAL errors in the php version with Suhosin. For example:
[Thu Jul 09 12:13:23 2009] [error] [client 192.168.0.55] ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.168.0.55', file '/webstuff/
These errors happen at random times and on random files so its suggesting its not just down to bad coding by the developers.
Once this has happened then Apache stops serving php files and just offers them for download.
So the statement that all the suhosin patch for php5 is doing is providing "logging functions" doesn't seem to tie in with what people are seeing.
I'm now faced with having to download new sources for php5 and recompile without the suhosin patch each time you release a new version. Which seems rather counter productive.