Php cron job fails when there are a lot of session files in /var/lib/php5

Bug #482720 reported by Lorry
This bug affects 4 people
Affects        Status     Importance  Assigned to  Milestone
php5 (Ubuntu)  Confirmed  Wishlist    Unassigned

Bug Description

Binary package hint: php5

root@eris:/var/lib/php5# lsb_release -rd
Description: Ubuntu 8.04.3 LTS
Release: 8.04
root@eris:/var/lib/php5# apt-cache policy php5
php5:
  Installed: 5.2.4-2ubuntu5.6
  Candidate: 5.2.4-2ubuntu5.7
  Version table:
     5.2.4-2ubuntu5.7 0
        500 http://de.archive.ubuntu.com hardy-updates/main Packages
        500 http://security.ubuntu.com hardy-security/main Packages
 *** 5.2.4-2ubuntu5.6 0
        100 /var/lib/dpkg/status
     5.2.4-2ubuntu5 0
        500 http://de.archive.ubuntu.com hardy/main Packages
root@eris:/var/lib/php5#

-- Description:

The cron job /etc/cron.d/php5 is meant to clear out /var/lib/php5 of old session files, which is fine generally... But:

The cron job uses xargs with the -0 option - This is the effect on a cleanish and newly purged (30 seconds ago) directory:

root@eris:/var/lib/php5# find . -print | xargs -0
.
./sess_3cf1404393d2ed9f2ca38c18fe74faba
./sess_f98b526208a668d407d4407a09006bd5
./sess_94a5a7dc98b985d170db93bb19c4dfd8
./sess_de29f9fbeb695de7df5fce6b69921ef0
./sess_29e1d26ecce86f3386595fe9ecff2b6a
./sess_a44fc67ea7aa7c39100e67cb1040199c
./sess_86849bfdedf6fd957ae873b455e936f6
./sess_a995ac4897a1db02e477384a8e3a1f05
./sess_e76aab3594fda5aa961be1e3d339bfed
./sess_090f28216167271d050078f31b41f6f1
./sess_92b65c8a5f82700dd9f6e6166ba98019

root@eris:/var/lib/php5#

However - This is a very full directory such as the one that completely filled my disk yesterday:

root@eris:/var/lib/php5# find . -print | xargs -r -0
xargs: argument line too long
root@eris:/var/lib/php5#

This results in the disk with /var on it filling and the system becoming completely unusable - Which is why I ticked the security vulnerability since effectively, this is a DOS, you may feel free to disagree.

So far my fix is one of:

1. Run the cron job more often so it doesn't fill the thing so much it can't be deleted (poor hack)
2. Remove the -0 option to xargs in /etc/cron.d/php5 - Since -0 is new to me and seems to have little documentation I am not sure what this will break.
3. Change the lifetime of the session files in /usr/lib/php5/maxlifetime

Only 2 is a good solution but I am still wondering why they used -0 and if there is a valid reason for it.

** This could of course be a bug in xargs but it manifests in php5 and since I don't have a clue what -0 is meant to do, I am not going there...

Michael.

Lorry (lawrie)
visibility: private → public
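
Added example (not part of the original report or of the php5 package): the reproduction above pipes newline-terminated names from `find . -print` into `xargs -0`, which splits only on NUL bytes, so xargs receives the whole listing as a single argument that grows with the directory; the cron line quoted later on this page pairs `-print0` with `-0`. The script counts what xargs receives in each case, using a constructed temporary directory and hypothetical helper names (`make_sessions`, `args_seen`, `first_arg_len`).

```shell
#!/bin/sh
# Added example: works in a constructed temp directory, never in /var/lib/php5.
# Helper names are hypothetical; only find, xargs and sh are used.

# Create $2 empty stand-in session files in directory $1.
make_sessions() {
    i=0
    while [ "$i" -lt "$2" ]; do
        : > "$1/sess_constructed_$i"
        i=$((i + 1))
    done
}

# How many arguments does xargs -0 pass on when find uses action $2
# (-print = newline-terminated, -print0 = NUL-terminated)?
args_seen() {
    find "$1" -type f "$2" | xargs -r -0 sh -c 'echo "$#"' sh
}

# Length in characters of the first argument xargs -0 passes on.
first_arg_len() {
    find "$1" -type f "$2" | xargs -r -0 sh -c 'echo "${#1}"' sh
}

demo=$(mktemp -d)
make_sessions "$demo" 5

# -print with -0: no NUL in the stream, so the whole listing is ONE argument
# whose size grows with the directory until xargs rejects it.
printf '%s\n' "-print  | xargs -0: $(args_seen "$demo" -print) arg, $(first_arg_len "$demo" -print) chars"

# -print0 with -0: one argument per file; xargs batches them as needed.
printf '%s\n' "-print0 | xargs -0: $(args_seen "$demo" -print0) args, first is $(first_arg_len "$demo" -print0) chars"

rm -rf "$demo"
```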
Kees Cook (kees) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

security vulnerability: yes → no
Lorry (lawrie) wrote : Re: [Bug 482720] Re: Php cron job fails when there are a lot of session files in /var/lib/php5

I figured, but I wasn't sure it fit into a DDOS category so I flagged it
just in case :)

On Sun, Nov 15, 2009 at 2:44 PM, Kees Cook <email address hidden> wrote:

> Thanks for taking the time to report this bug and helping to make Ubuntu
> better. We appreciate the difficulties you are facing, but this appears
> to be a "regular" (non-security) bug. I have unmarked it as a security
> issue since this bug does not show evidence of allowing attackers to
> cross privilege boundaries nor directly cause loss of data/privacy.
> Please feel free to report any other bugs you may find.

Chuck Short (zulcss)
Changed in php5 (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
tinodj (gjorgjioski) wrote :

And the fix is this

find this file
/etc/cron.d/php5

This line ...

09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm

change to ...

09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin -$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm

Just change "+" to "-" after cmin.

tinodj (gjorgjioski) wrote :

Please don't read the previous comment.
It should be:

--
And the fix is:

find this file
/etc/cron.d/php5

This line ...

09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin -$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm

change to ...

09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm

Just change "-" to "+" after cmin.

--

Nonox (nbulian) wrote :

Hi guys!
I'm running Ubuntu 12.04 and I have the same problem:

Take a look:

$ grep -i cron /var/log/syslog

Aug 13 16:39:01 one CRON[7303]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)

More info...
Every hour cron sends me an email like this:

---------- Forwarded message ----------
From: root <email address hidden>
Date: 2012/8/13
Subject: Cron <root@one> [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete
To: root

Failed loading /usr/lib/php5/20090626/xdebug.so: /usr/lib/php5/20090626/xdebug.so: cannot open shared object file: No such file or directory

More info...

$ ls /usr/lib/php5/
20090626+lfs build libexec maxlifetime

What should I do, remove php5 from my cron? Or rename the directory /usr/lib/php5/20090626+lfs/ to /usr/lib/php5/20090626?

Thanks in advance!
nonox
