
Set `enable_dl` to 0 in php.ini
Closed, Resolved (Public)

Description

dl has always been an attack vector and in general a bad idea and a performance killer.

Its use is also deprecated, so we should carefully check if we can disable dl on php-fpm.

We'll need to do this in careful stages (beta/mwdebug/canaries/everywhere).

Event Timeline

Joe added a comment. Apr 15 2019, 2:23 PM

As I commented in the parent ticket, enable_dl should be off in production, and given HHVM didn't support it, this should not create any issue.

Krinkle moved this task from Backlog to Wikimedia production on the PHP 7.2 support board.
colewhite triaged this task as Normal priority. Apr 16 2019, 5:32 PM

Change 502986 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] profile::mediawiki::php: tweak ini settings

https://gerrit.wikimedia.org/r/502986

Change 502986 merged by Giuseppe Lavagetto:
[operations/puppet@production] profile::mediawiki::php: tweak ini settings

https://gerrit.wikimedia.org/r/502986

jijiki closed this task as Resolved. Apr 24 2019, 10:13 PM
jijiki claimed this task.

@Joe @Krinkle, since we have pushed enable_dl => 0 to production, I am resolving this. Feel free to reopen if you disagree :)