On 2012-05-03, at 2:28 PM, Paul Gevers wrote:

> Well, the biggest part went into 0.8.7something, except for the possibility to configure the limit and the fact that the ini_set was done in global.php instead of the two last scripts.

The part that was left out is the only important part, in regards to this bug...

> Reading from the diffs, there are two scripts left that use ini_set:

Which are the same two that my proposed fix modifies by hand. See my comments above.

> But even if global.php would set the memory_limit, the issue would still be there wouldn't it? I.e. asking the cacti developers to port the changes in 5617 wouldn't really help anyway.

That depends entirely on how it is implemented. It all boils down to: do the individual scripts still call ini_set to change their memory_limit themselves. If so, then we still need to define suhosin.memory_limit. If not, then suhosin won't complain: it only complains when a script tries to increase its memory limit mid-run.

> By the way, from your proposed solution: the fact that a php script can call (via command line) another php script while setting the suhosin.memory_limit defeats the purpose of suhosin quite a bit, doesn't it? Seems like a hole in the system.

That's a whole different argument. Most people don't seem to find the suhosin patch to be particularly useful... It appears to be quite a kludge. Don't know if my fix uses a "hole" per se; I assume that the suhosin devs feel that suhosin is meant only to protect against misbehaving scripts and external attacks. If a user is able to modify the script or call them from the command line, then all bets are off and suhosin is useless anyways.

François Beaulieu
Email: francois.beaul...@securebyknowledge.com | Web: www.securebyknowledge.com
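Added example, not part of the original message or of Cacti's code: a small Python audit for the question the reply boils down to (which scripts still call ini_set on memory_limit themselves), marking each call as allowed or refused under Suhosin's ceiling. The script names other than global.php, the limits and the sample sources are constructed, and it assumes Suhosin's documented rule that suhosin.memory_limit = 0 caps a script at the memory_limit it started with.

```python
import re

# Matches ini_set('memory_limit', '512M') with either quote style.
# Computed arguments (e.g. 512 * 1024) are not matched and need manual review.
INI_SET_RE = re.compile(
    r"""ini_set\s*\(\s*(['"])memory_limit\1\s*,\s*(['"]?)(-?\d+[KMG]?)\2\s*\)""",
    re.IGNORECASE,
)

def to_bytes(value):
    """Convert PHP shorthand ('128M', '1G', '-1') to bytes; -1 means unlimited."""
    value = value.strip().upper()
    if value == "-1":
        return float("inf")
    units = {"K": 1024, "M": 1024**2, "G": 1024**3}
    if value[-1] in units:
        return int(value[:-1]) * units[value[-1]]
    return int(value)

def audit(sources, memory_limit, suhosin_memory_limit="0"):
    """Return (script, requested, allowed) for every ini_set('memory_limit') call.

    Assumed Suhosin rule: with suhosin.memory_limit = 0 the ceiling is the
    limit the script started with; otherwise it is the configured hard limit.
    """
    start = to_bytes(memory_limit)
    hard = to_bytes(suhosin_memory_limit)
    ceiling = start if hard == 0 else hard
    findings = []
    for name, code in sorted(sources.items()):
        for match in INI_SET_RE.finditer(code):
            requested = match.group(3)
            findings.append((name, requested, to_bytes(requested) <= ceiling))
    return findings

# Constructed sample sources; script_a.php and script_b.php are hypothetical names.
SAMPLE = {
    "global.php": "<?php ini_set('memory_limit', '128M');",
    "script_a.php": '<?php ini_set("memory_limit", "512M");',
    "script_b.php": "<?php ini_set('memory_limit', '-1');",
    "view.php": "<?php echo 'no limit change here';",
}

if __name__ == "__main__":
    for hard_limit in ("0", "512M"):
        print("suhosin.memory_limit =", hard_limit)
        for name, requested, allowed in audit(SAMPLE, "128M", hard_limit):
            print(f"  {name}: requests {requested} ->", "ok" if allowed else "refused")
```
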