Public bug reported: Binary package hint: php5
First, I know bugs related to suhosin have been discussed before and understand that you can choose to use the module or not by installing php5-suhosin. However, there is currently no way to disable the core suhosin patch except to build your own PHP5 packages. The Suhosin patch itself adds significant memory and cpu overhead to PHP and there should be a way to disable it without having to go through the headache of maintaining our own modules. In our case we are serving the page http://store.steampowered.com/app/500/ as an example, with the default Ubuntu package with Suhosin we get peak memory usage during page generation of 9961472 bytes, and a total execution time of ~75ms. If we rebuild without the Suhosin patch and use a custom package we end up with peak memory usage of 7077888 bytes and a page generation time of roughly 50ms. These same type of results (ie, roughly 40% increased memory usage and 20-50% increased CPU usage) are easily repeatable across many machines and across many different page requests. Since our code is well audited and secure, and since the memory canaries it provides only help detect memory corruption bugs in PHP itself and do not prevent them we see no reason we would ever wish to run with it enabled on our production servers. Please provide packages for Ubuntu that don't force the inclusion of Suhosin! ** Affects: php5 (Ubuntu) Importance: Undecided Status: New -- Need package for php5 without suhosin patch https://bugs.launchpad.net/bugs/498022 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
