Bug#805966: apache2-mpm-itk: php file_get_contents via https freeze
tags 805966 help
thanks
On Tuesday 24 November 2015 12:38:36, Michal Mauser wrote:
> we have a problem with (not only) phpbb forum freezing for like 2
> minutes when doing file_get_contents (on itself) via https
> (verified certificate). We found that this problem occurs when we
> use apache2-mpm-itk (Jessie version) on the server but not when we
> use cgi. It also works normally if we use web browser to display
> the same page as requested by file_get_contents. We tested this
> with client php 5.4 and 5.6. The server is OpenVZ VM.
>
> We use itk widely so this complicates migrating servers to Jessie
> when there is file_get_contents in use in the website.
>
> Thank you for looking into this.
I fear I don't have enough time to configure a setup to reproduce
this. It would be helpful if someone could try to figure out what
causes the delay here, possibly using strace or some verbose php
logging.
The current version of mpm-itk installs a seccomp filter to prevent
privilege escalation to root. This has the side effect that suid-
binaries do not work when called by mpm-itk. Maybe something in
file_get_contents requires a suid root binary? Possibly something with
host name resolution?
Cheers,
Stefan
Reply to: