[php-maint] Bug#719982: Bug#719982: php5: "-maxdepth 1" in "sessionclean" assumes sessions are not sorted into subdirectories

[Ondřej Surý]

Control: tag -1 +wontfix
Control: severity -1 wishlist

Gergely,

please read the bug the Thijs already mentioned - removing maxdepth has a security implications.

If you modify the default settings you are responsible also to modify the other ends. The session cleaning is documented in Debian package and we simply cannot handle all possible configuration options the user might set.

Ondřej Surý

> On 17. 8. 2013, at 12:07, Gergely Szelei <gargaj at conspiracy.hu> wrote:
> 
> Package: php5
> Version: 5.4.17-1~dotdeb.1
> Severity: important
> 
> Dear Maintainer,
> 
> The "find" command in the "sessionclean" script that performs the session GC has a "-maxdepth 1"
> parameter that keeps the command from traversing into subdirectories. However, the "save_path"
> option offers a possibility to set up the session storage in automatic subdirectories. If this
> is done, sessionclean will NEVER remove any sessions and they will keep accumulating
> infinitely.
> 
> -- System Information:
> Debian Release: 7.1
>  APT prefers stable-updates
>  APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.2.17-hyperv (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages php5 depends on:
> ii  libapache2-mod-php5  5.4.17-1~dotdeb.1
> ii  php5-common          5.4.17-1~dotdeb.1
> 
> php5 recommends no packages.
> 
> php5 suggests no packages.
> 
> -- no debconf information
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint