> I have not had a chance to verify it personally, but they seem to no > longer use ini_set within cmd.php or other cacti php scripts, according > to the notes. This would mean that we would not need to modify the > scripts to add --define suhosin.memory_limit to script calls. > >>>> http://bugs.cacti.net/view.php?id=1583 >> >> This change (revision 5717) never made it completely to the 0.8.X branch >> and remained in main. They did make nearly the same change to the 0.8.7 >> branch in revision 5743 (April 2010), without the configuration part. > > Has it made it into v0.8.8? The case notes certainly indiciate that it did.
(My typo, the original revision was 5617 [1])
Well, the biggest part went into 0.8.7something, except for the
possibility to configure the limit and the fact that the ini_set was
done in global.php instead of the two last scripts. Reading from the
diffs, there are two scripts left that use ini_set:
paul@stromboli ~/cacti/cacti $ grep -n ini_set\(\"memory_limit *
cmd.php:64:ini_set("memory_limit", "512M");
poller.php:211:ini_set("memory_limit", "512M");
> I have not tested against any versions other than the v0.8.7g provided
> by Debian.
The "changes" were already included in that version. So your tests are
the same for 0.8.8.
> We will need to define suhosin.memory_limit in all versions that don't
> include the fix. From my understanding of the fix, users may also need
> to add it manually to the scripts in the fixed version if they define a
> non-standard memory_limit in config.pgp. However, since by default the
> memory_limit will be fixed to 512M globally, no script will use ini_set
> to increase its memory, and suhosin will thus no longer complain even
> when suhosin.memory_limit isn't defined. This is my understanding, but
> is untested, so it may be wrong. (I have no time to set up and est a
> non-debian version right now.)
See my comments above. But even if global.php would set the
memory_limit, the issue would still be there wouldn't it? I.e. asking
the cacti developers to port the changes in 5617 wouldn't really help
anyway.
By the way, from your proposed solution: the fact that a php script can
call (via command line) an other php script while setting the
suhosin.memory_limit defeats the purpose of suhosin quite a bit, doesn't
it? Seems like a hole in the system.
Paul
[1] http://svn.cacti.net/viewvc?view=rev&revision=5617
signature.asc
Description: OpenPGP digital signature
