Php – Overriding memory_limit with .htaccess resulting in thesterious alerts in syslog (suhosin)

.htaccessmemoryPHPphp5

PHP version: PHP 5.3.10-1ubuntu3.4 with Suhosin-Patch (cli)
Used in apache2 with: libapache2-mod-php5

The global options memory_limit for PHP is set to 512M. So far so good.
Now a script tries to allocate more than this and fails due to the memory_limit. So far so good.

But now a strange thing happens. When I create .htacess with php_value memory_limit "1025M" there are errors in the syslog just with requesting a simple PHP file with one echo.

Sep 21 18:14:02 ccollard2 suhosin[8611]: ALERT – script tried to
increase memory_limit to 1082130432 bytes which is above the allowed
value (attacker '*******', file
'/home/www-data/*********/bla/test.php', line 14)

BUT when I try to set php_value to memory_limit "1024M" no error is shown at the output.
So I tried to check some suhosin configs for this 1024M limit and found nothing.

So my initial question is:
Why does the server allow up to 1024M memory consumption even if global option is set to <1024M?

I assure that no config file overrides the global option and phpinfo() shows the globally set memory limit.
The php script is not the question here. It was just a testing script.

**
Update: Suhosin seems to have a default value of 1024M memory allocation.
So the user can set memory_limit up to 1024M with htaccess but w/o htaccess the usual global limit.
So with commented limit suhosin has an invisible limit of 1024 and the user can set this limit manually. But without manual setting the usual global limit will limit user scripts.

Best Answer

You mention .htaccess - yet your posting details from the CLI version of PHP (PHP 5.3.10-1ubuntu3.4 with Suhosin-Patch (cli)).

If the CLI version uses a different php.ini (quite-common) - then that's why you can't see the defined 1024MB

Run the following

php -i | grep -i php.ini

And compare it to the output of a file via a web browser, containing the following

<?php phpinfo();

If the path to php.ini differs, there's your answer, you're editing the wrong file.

For Suhosin

There is a specific setting for memory limit, which would be defined (typically) in /etc/php5/conf.d/20suhosin.ini

suhosin.memory_limit = 1024M

Related Solutions

Php – Upper memory limit apache

PHP, Webserver processes are also limited by the per process max memory limit. You'll have to ask an administrator to change the limit in this case. On linux/unix, you can check the limit with the following command in the shell:

ulimit -a

or use PHP to check:

<?php print system('ulimit -a'); ?>

Linux – Unable to remove limit on memory usage for PHP script

Background:

I just grabbed the current version of Piwik -- In version 1.5, line 969 appears as:

public function addRowsFromSerializedArray( $stringSerialized )
{
    $serialized = unserialize($stringSerialized);
    if($serialized === false)
    {
        throw new Exception("The unserialization has failed!");
    }
    $this->addRowsFromArray($serialized);
}

and is specifically $serialized = unserialize($stringSerialized);. The call to unserialize can be incredibly memory intensive. There is an excellent post here.

As you've noted, this clearly isn't a bug in your script and is a valid Out of Memory.

Suggestion: In the config file, as noted above in my comment:

/.../piwik/config/global.ini.php

I think you may need to increase one of these limits:

# during archiving, Piwik will limit the number of results recorded, for performance reasons
# maximum number of rows for any of the Referers tables (keywords, search engines, campaigns, etc.)
# this limit will also be applied to the Custom Variables names and values reports
datatable_archiving_maximum_rows_referers = 1000
# maximum number of rows for any of the Referers subtable (search engines by keyword, keyword by campaign, etc.)
datatable_archiving_maximum_rows_subtable_referers = 50

# maximum number of rows for any of the Actions tables (pages, downloads, outlinks)
datatable_archiving_maximum_rows_actions = 500
# maximum number of rows for pages in categories (sub pages, when clicking on the + for a page category)
# note: should not exceed the display limit in Piwik_Actions_Controller::ACTIONS_REPORT_ROWS_DISPLAY
#       because each subdirectory doesn't have paging at the bottom, so all data should be displayed if possible.
datatable_archiving_maximum_rows_subtable_actions = 100

# maximum number of rows for other tables (Providers, User settings configurations)
datatable_archiving_maximum_rows_standard = 500

where I changed the semi-colons to # signs just to make sf's autocolor readable.

You might also try adding:

CMD_TO_CHECK_SETTINGS="$PHP_BIN -i > /tmp/piwik-php-env.out"
$CMD_TO_CHECK_SETTINGS

to archive.sh to determine if there are other settings afoot which override the php.ini file.

Best Answer

For Suhosin

Related Solutions

Php – Upper memory limit apache

Linux – Unable to remove limit on memory usage for PHP script

Related Topic