Bug 4677

Summary: Php-suhosin default settings are overzealous causing segfaults in common webapps
Product: Mageia Reporter: claire robinson <eeeemail>
Component: RPM PackagesAssignee: Thomas Spuhler <thomas>
Status: RESOLVED WONTFIX QA Contact:
Severity: normal    
Priority: Normal    
Version: 1   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://bugs.mageia.org/show_bug.cgi?id=4435
Whiteboard:
Source RPM: php-suhosin CVE:
Status comment:

Description claire robinson 2012-02-24 15:13:54 CET 
This bug was created to allow a security update ( bug 4435 ) to be validated. It is not a regression.

I had previously been blaming wordpress but, after removing php-suhosin, wordpress is fine..

The default settings are too restrictive and cause segfaults when just browsing a wordpress installation.
Comment 1 Thomas Spuhler 2012-03-11 00:30:46 CET 
I think this has been pushed to updates?
Comment 2 claire robinson 2012-03-11 11:39:23 CET 
It was. That's why this bug is here :)

It needs to be looked at as it wasn't looked addressed by the update. 

That particular update was a security update and could not have been delayed since February.
Thomas Spuhler 2012-03-16 03:08:23 CET

Status: NEW => ASSIGNED

Comment 3 Thomas Spuhler 2012-03-16 03:34:56 CET 
If you google for worpress and suhosin, you gonne get a ton of hits. The answers range from suhosin isn't needed for todays php to mostly how to disable it in the php-ini. My suggestions, leave it alone and if wordpress is installed follow the recommendation on the worpress forum and uninstall or disable it.
We have had no other bug report and Mandriva distributes it the same way as we do.
Comment 4 claire robinson 2012-03-16 11:32:30 CET 
That's fair enough Thomas. It was worth looking into :)
Comment 5 Thomas Spuhler 2012-03-22 05:40:24 CET 
Nobody else posted anything, so I will close it as wontfix

Status: ASSIGNED => RESOLVED
Resolution: (none) => WONTFIX