SquarePeg Systems




A lot of people have problems with PHP the language, but I’d never run into this problem with the Apache PHP module before.

A long-time customer got back in touch with me. A web app he’s been working on was getting ready to go prime time and they ran a security audit on the server. That audit found several things wrong, and strongly recommended an upgrade to PHP 5.2.10. As of this writing, PHP 5.2.10 was very new and Debian testing didn’t even have a package for it yet. So I fiddled around and finally found the right combination of pinning to install PHP 5.2.10 from unstable. If you are thinking “Yikes!” then you are already ahead of me.

The next day, I got an email saying that their webapp just stops. I got on and, sure enough, sometimes, randomly, you get a blank page. Not a 404, 405, or another error — just a blank white page. After a reload it works fine. I checked /var/log/apache2/error.log and saw tons of messages like the following:

[notice] child pid 24483 exit signal Segmentation fault (11)
[notice] child pid 24485 exit signal Segmentation fault (11)
[notice] child pid 24481 exit signal Segmentation fault (11)
[notice] child pid 24489 exit signal Segmentation fault (11)

Oh, that’s bad.   Playing around with it demonstrates that the seg fault happens when the page doesn’t show up — just like I thought.

Now I get into detective mode and try to figure out what the heck is going on. I found DotDeb, which makes fresh Debian packages for older releases — like PHP 5.2.10! But the people installing that package were having the same problems I had. From careful reading, it seems that Debian installed at least part of the Suhosin patch, and that seems to be the culprit. Users commented that disabling it seemed to stop the seg faults — but how do you do that?

I looked at the configurations in /etc/php5 and there was a file in conf.d called suhosin.ini, but no mention of it in the main apache2/php.ini file (the main PHP config for Apache2). On a lark I moved suhosin.ini to suhosin.ini.bad (PHP only reads files ending in .ini from conf.d, so the rename takes it out of the configuration) and restarted Apache. And the problem went away. Like magic.
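To check that result against the error log rather than by reloading pages, here is an added example (not part of the original post) that counts segfaulting Apache children before and after the last server start in the log, and per hour. The function names and the sample log lines are constructed for illustration; the lines follow the Apache 2.2 error.log layout.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample in Apache 2.2 error.log format; timestamps, client IP
# and the start banner are invented for illustration.
sample_log() {
cat <<'EOF'
[Tue Jul 07 10:12:01 2009] [notice] child pid 24483 exit signal Segmentation fault (11)
[Tue Jul 07 10:12:09 2009] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Tue Jul 07 10:47:30 2009] [notice] child pid 24485 exit signal Segmentation fault (11)
[Tue Jul 07 11:03:44 2009] [notice] child pid 24481 exit signal Segmentation fault (11)
[Tue Jul 07 11:20:05 2009] [notice] caught SIGTERM, shutting down
[Tue Jul 07 11:20:07 2009] [notice] Apache/2.2.x (Debian) configured -- resuming normal operations
[Tue Jul 07 11:41:18 2009] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
EOF
}

# segv_summary [FILE]: crashes before and after the last server start.
segv_summary() {
    awk '
        /configured -- resuming normal operations/ {
            # A new start: everything counted so far predates it.
            before += after; after = 0
            start = substr($0, 2, index($0, "]") - 2)
            next
        }
        /exit signal Segmentation fault/ { after++ }
        END {
            printf "before=%d after=%d last_start=%s\n",
                   before, after, (start == "" ? "none" : start)
        }
    ' "${1:--}"
}

# segv_per_hour [FILE]: "Mon DD HH:00 count" for each hour that had crashes.
segv_per_hour() {
    awk '
        /exit signal Segmentation fault/ {
            # "[Tue Jul 07 10:12:01 2009]" -> $2=Jul $3=07 $4=10:12:01
            key = $2 " " $3 " " substr($4, 1, 2) ":00"
            if (!(key in n)) order[++k] = key
            n[key]++
        }
        END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }
    ' "${1:--}"
}

sample_log | segv_summary
```

On the server from the post this would be run as `segv_summary /var/log/apache2/error.log`; an `after` count that stays at 0 once traffic has resumed shows the crashes stopped with the restart.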

This is the problem when you are forced to always have the latest and greatest tools. And PHP is a hard one — you are always chasing your tail with its security. But it really should “just work”.

As you can see on the sidebar, I use Twitter.  I think it’s cool but I know that it took me a while to “get it” and I know many people who still don’t get it.  But I can’t explain what “it” is.

I tweet pretty much from the command line. A simple Google search will help you figure it out, but for the impatient, I do:

curl --basic --user username:passwd --data status="my update" \
  http://twitter.com/statuses/update.xml

Of course, I am not going to type that in every time.  This is too complicated for an alias.  A lot of people would then put this into a script, but I don’t like one or two loner scripts. I find functions much better for this kind of thing.  So this is in my ~/.aliases file:

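function tweet() {
  # Quote the whole argument so a status with spaces stays one word,
  # and let curl URL-encode it (&, = and + would otherwise be misparsed).
  # Basic auth over http:// sends username:passwd base64-encoded, not encrypted.
  curl --basic --user username:passwd --data-urlencode "status=$1" \
    http://twitter.com/statuses/update.xml
}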

The $1 is where my status update would be. So then I do:

tweet "this is my status"

And then I get some XML back that confirms my status change.