4.4.1 beware! Bug
Posted: Tue Nov 08, 2005 2:16 am
by Brent
If you use phpadsnew please read this
http://forum.phpadsnew.com/index.php?showtopic=9493
There is a bug that prevents it from working in 4.4.1
Posted: Wed Nov 09, 2005 7:55 pm
by scott
cool, thanks for the report!
httpd and mysql hanging
Posted: Thu Nov 17, 2005 10:35 am
by faris
Could the phpadsnew problem be responsible for a problem I'm having?
Basically every day for the past day or so I've found an httpd and mysql process together using 100% cpu on my dual processor machine.
This seems to have started after I upgraded to the latest ART php and mysql two weeks ago (RH9).
I was going to ask for advice on how to trace the problem - top just shows the processes and pids, and ps doesn't show anything new about the offending processes.
But I know for a fact that one of my users uses phpadsnew.
Faris.
Posted: Thu Nov 17, 2005 1:28 pm
by scott
Can you try disabling phpadsnew for a day? If it happens again you'd know that's not the problem.
Posted: Sat Nov 19, 2005 8:26 am
by breun
Is this bug already fixed in the current php art packages (4.4.1-1.rhfc3)? Or is it safe/advisable to upgrade from 4.4.0-3.rhfc3 which I'm running now?
Posted: Mon Nov 21, 2005 1:07 pm
by faris
Hmm.. Well, I asked the user to get rid of it and they did, and all seems to be well again. So I think it was very likely that it was the culprit.
It doesn't make sense for things to be so difficult to trace though. I hope to God that PSA 8 will see a change and apache will be run as the actual account user instead of just as httpd/apache.
Or is there something very complicated about doing it?
Breun - I'll be upgrading to the 4.4.1-1 shortly on my test machine. I'll let you know if I have any problems.
Faris.
Posted: Mon Nov 21, 2005 3:59 pm
by scott
You can do that with suphp (psa does this with cgi's now), which is handy for at least finding the user with the exploitable scripts faster.
Posted: Mon Nov 21, 2005 4:12 pm
by breun
How can you do what exactly with suphp?
Posted: Tue Nov 22, 2005 8:57 am
by scott
It works just like suexec, php scripts would run as the user rather than as apache.
Posted: Tue Nov 22, 2005 9:36 am
by breun
Ok, so if I'm not running phpAdsNew it should be safe to upgrade to 4.4.1-1 from art?
Posted: Sun Nov 27, 2005 4:38 pm
by breun
Can anyone confirm it's ok to upgrade to 4.4.1-1?
Posted: Sun Nov 27, 2005 10:57 pm
by jamster
ditto. Am keen to apply latest update but if our developers have used this code anywhere and I go ahead and break it then they'll strangle me!

Do I have to wait for php 4.4.2?
Posted: Sun Nov 27, 2005 11:51 pm
by tabacco
The newest version of phpadsnew is compatible with 4.4.1, so just update that and you're set.
Posted: Wed Nov 30, 2005 8:07 am
by jamster
tabacco wrote: The newest version of phpadsnew is compatible with 4.4.1, so just update that and you're set.
As I understand it, it's not just phpadsnew but any php script that has this particular coding. We don't run phpadsnew but we do have a large amount of custom code, and I'm not keen on breaking live sites.
Anyone got any ideas if the 4.4.1 from Art is still broken (not blaming scott for this by the way, I know it's a php release issue, just wondered if it's been fixed yet).
Posted: Wed Nov 30, 2005 3:10 pm
by scott
Yeah I always worry about that when I make a big update. That's one reason I've been holding off on the php5 series. I just know that it's going to cause all kinds of weird little tertiary apps to break. It happened with the php 4.3 package all over the place and I learned my lesson that time. Maybe it's time to create an [atomic-bleeding] channel like the other maintainers do, so those bolder types can test these things out in advance.