[Bug 316441] Re: PHP session garbage collection
Phil Bayfield
316441 at bugs.launchpad.net
Tue Feb 1 23:40:57 UTC 2011
The irony of the situation is that the latest Ubuntu PHP packages, in
Maverick and also Lucid I believe (but don't have a running version to
hand to verify) actually do contain the "original" php.net defaults for
garbage collection. So in fact BOTH the default PHP garbage collector
and the Debian cron job are running.
So now not only does this supposed security flaw (according to Ondřej)
now exist in the package, but also the half-assed Debian cron job that
doesn't even prevent multiple versions of itself running and causes
extremely high IO. Replacing one flawed system with another flawed
system is not a solution.
The reality is that Debian are the real package maintainers and Ubuntu
just make a few small modifications and run the auto build scripts,
hence we're probably wasting our breath raising the issue here.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/316441
Title:
PHP session garbage collection
More information about the Ubuntu-server-bugs
mailing list