Page MenuHomePhabricator

Set `enable_dl` to 0 in php.ini
Closed, ResolvedPublic

Description

dl has always been an attack vector and in general a bad idea and a performance killer.

Its use is also deprecated, so we should carefully check if we can disable dl on php-fpm.

We'll need to do this in careful stages (beta/mwdebug/canaries/everywhere).

Event Timeline

as I commented in the parent ticket, enable_dl should be off in production, and given HHVM didn't support it this should not create any issue.

colewhite triaged this task as Medium priority.Apr 16 2019, 5:32 PM

Change 502986 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] profile::mediawiki::php: tweak ini settings

https://gerrit.wikimedia.org/r/502986

Change 502986 merged by Giuseppe Lavagetto:
[operations/puppet@production] profile::mediawiki::php: tweak ini settings

https://gerrit.wikimedia.org/r/502986

jijiki claimed this task.

@Joe @Krinkle, since we have pushed enable_dl => 0 to production, I am resolving this. Feel free to reopen if you disagree :)