Date:      Thu, 21 Jun 2012 08:34:35 +0200
From:      n dhert <ndhertbsd@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   apache PHP suhosin load
Message-ID:  <CAEFCw4uyugX6t2PEJREVZMRCnKhmBz81QXS2MGvYBX3O6-HWaQ@mail.gmail.com>

On FreeBSD 8.3 I have an apache22 web server with PHP. PHP is PHP52 for
compatibility with existing applications, but the most recent version
in the php52 branch:
$ php --version
PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May  7 2012 08:45:58)

From time to time, I notice in a top output that a huge number of httpd
daemons are being started, making the load rapidly increase to levels of
5, 10, 15, ... and very slow interactive response ...

Stopping apache makes the load rapidly decrease to a normal level.

I noticed at the console, when stopping apache, several messages such as

Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT -
canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR
not set', file
'/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php',
line 654)

(the file value differs, but it's always "suhosin .. canary mismatch
- heap overflow detected")
My PHP has the following options set:
# cd /usr/ports/lang/php52
# make showconfig
===> The following configuration options are available for php52-5.2.17_8:
     CLI=on: Build CLI version
     CGI=on: Build CGI version
     APACHE=on: Build Apache module
     DEBUG=off: Enable debug
     SUHOSIN=on: Enable Suhosin protection system (not for jails)
     MULTIBYTE=off: Enable zend multibyte support
     IPV6=on: Enable ipv6 support
     MAILHEAD=off: Enable mail header patch
     REDIRECT=off: Enable force-cgi-redirect support (CGI only)
     DISCARD=off: Enable discard-path support (CGI only)
     FASTCGI=on: Enable fastcgi support (CGI only)
     FPM=off: Enable fastcgi process manager (CGI only)
     PATHINFO=on: Enable path-info-check support (CGI only)
     LINKTHR=off: Link thread lib (for threaded extensions)

Is that heap overflow causing the trouble? Does suhosin have something to do
with it?
How to solve?


