[TYPO3-core] RFC #13701: Bug: @ini_set() works only on windows, on some unices it could render the function unusable

Christian Kuhn lolli at schwarzbu.ch
Sun May 30 17:19:33 CEST 2010


netz-haut - stephan seitz wrote:
> Problem:
>  If php has been built with suhosin and runs via FCGI SAPI, the @ini_set() function call is not ignored (which is obviously expected). Instead, the php process quits without closing the fcgi handler properly.
> Due to the lack of proper fcgi communication, the webserver returns an error 500.
> 
> This can be seen as a faulty php behaviour.
> Anyway, the @ini_set() call does not work on most Unices, except the administrator configured the local MTA to accept manipulation from unprivileged users which is highly discouraged.
> To keep the fix narrow, I suggest to use @ini_set() only if TYPO3_OS == WIN as Windows seems to be the only OS in the wild which accepts such header manipulations without any privilege problems.
> 
> Solution:
>  Use @ini_set() only if TYPO3 is running on Windows.

Up.

That's imho still an important fix, I'd consider this a blocker for next
minor release of 4.3!

The patch is the only one we currently apply as a must-have to every
installation.

+1 on reading and testing for the 4.3 patch applied to 4.3 and trunk.


Here are some system combinations where we see this, all debian lenny 
php 4.2.6:
- apache, mod_php, with and without suhosin, with and without eaccelerator
- apache, fcgi, suhosin, eaccelerator
- ngingx, fcgi, with and without suhosin, xcache

With suhosin we get a carnary mismatch log entry, without it php 
segfaults. I'd guess this is a problem at least with php 4.2.6.


The issue already caused a lot of trouble for us, just imagine shop 
orders that are stored correctly in database, but no confirmation mails 
are sent because of this segfault later on in processing.

Regards
Christian


More information about the TYPO3-team-core mailing list