This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Issues with Drupal and Sentora (WSOD) due to proc_open and escapeshellarg
#1
Issues with Drupal and Sentora (WSOD) due to proc_open and escapeshellarg
So, I'm posting this here in hopes someone can help explain what this is and why it caused problems.

Basically I got Sentora up and running with 6 of my websites on a VPS through digitalocean (fantastic web hosting provider btw). All the sites were running fine, until I moved my biggest Drupal site with the most modules and customizations.

I was getting Drupal white pages (WSOD - white screen of death) all over the place on random pages. I would view a content page, it would be fine, but then when I went to edit it, bam, WSOD and no idea what was going on.

Also when I tried to change things in the administrative area of Drupal, most was okay, but some pages like the configuration page for Image settings (image Magick and GD2) would show a WSOD.

Very strange.

Well, I could never figure out how to enable the errors to show, I had them enabled and also added the necessary info to the index.php to turn on display of errors, but I still got a WSOD (if you know how I can fix that, please let me know in the comments). So since I wasn't getting anything helpful, I enabled the database logging module.

Then when I reloaded the pages that were going WSOD, the Drupal log started to show the errors.

Basically errors came up stating issues with escapeshellarg and proc_open being disabled.

The errors were something like this:
sentora proc_open() has been disabled for security reasons in
and
sentora escapeshellarg() has been disabled for security reasons in

Having no idea what these are or why they were coming up, I kept searching Google. Then I came across something called Suhosin that Sentora uses. So I took a wild guess and figured these two things being disabled were probably causing my issues. I don't know what these are, but none of my shared hosting providers I have used in the past had these disabled, as I never came across this issue. So I don't know why Sentora disables these by default. You would think they wouldn't be.

Anyway, I found out you can go into the Sentora control panel and edit the code directly in the interface.

You can edit the Suhosin values by going to the control panel "Module Admin" > "Apache Config" > "Suhosin Value”

The text box has these values:

php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_nice, proc_open, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"

I basically removed these items:
escapeshellarg and proc_open
popen, pclose, proc_nice, proc_open, proc_terminate, proc_get_status, proc_close

I tried just removing escapeshellarg and proc_open, but the error for proc_open kept appearing in the log files and I was still getting the WSOD. So finally I just decided to try removing everything proc related.

Then after restarting Apache and loading the page, everything magically started working again. no more WSOD and no more errors in my log file.

I'm posting this here in case anyone else is out there searching for Drupal Sentora issues due to these two things. Hopefully this post will save you hours of research and pulling your hair out.

Also if you can comment or share information around this stuff, that would be greatly appreciated!

Thanks!
Reply
Thanks given by:
#2
RE: Issues with Drupal and Sentora (WSOD) due to proc_open and escapeshellarg
Welcome to Sentora!

Now, unfortunately the way you did this disables those protections for ALL accounts and domains on your server and is NOT suggested.


If you only need it disabled for the one domain, replace those settings with the default again and then go to Admin>Module Admin>Apache Config>Override a Virtualhost Setting>[select domain]>Untick the box for Suhosin Enabled> Save and wait for the daemon to run (about 5 mins). That is the 'quick and dirty' way to disable it for just that domain.

Default entries:
Code:
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#3
RE: Issues with Drupal and Sentora (WSOD) due to proc_open and escapeshellarg
Awesome! Thanks for this post. This is really helpful and I hope it helps others. I will do as you instruct above.

Can I ask one more thing, what is SuHosin, just a form of protection from users hacking the site or gaining access to other things on the server?

The domain I want to disable it on is my domain, so I assume it's okay to disable it. In fact I disabled the way I did as it was the only way I knew how to and because I am the only user of this server ( I do not resell or give out hosting accounts on this). I just wanted the control panel to make administering the server and email easier. So perhaps it's okay to disable SuHosin completely if it's more for protection from users that I would resell the hosting to?

Eitherway, I think I will follow as you mentioned above for best practice, but I'm just curious. Thank you very much for the support in advance!
Reply
Thanks given by:
#4
RE: Issues with Drupal and Sentora (WSOD) due to proc_open and escapeshellarg
This describes suhosin better than I can: http://en.wikipedia.org/wiki/Suhosin
Wink
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by: americanninja
#5
RE: Issues with Drupal and Sentora (WSOD) due to proc_open and escapeshellarg
https://github.com/stefanesser/suhosin

http://www.suhosin.org/stories/index.html
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by: americanninja
#6
RE: Issues with Drupal and Sentora (WSOD) due to proc_open and escapeshellarg
Great stuff Me.B...the second link was the perfect explanation I was looking for. Thanks everyone!
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Is Sentora dead? rajeevrrs 2 3 ,981 12-17-2022, 09:20 AM
Last Post: TGates
Sentora debug and error files johnnyp 0 1 ,596 10-27-2022, 06:16 PM
Last Post: johnnyp
Transfer Account to another Sentora BenI 1 3 ,349 07-21-2022, 07:19 PM
Last Post: Nigel

Forum Jump:


Users browsing this thread: 1 Guest(s)