When trying to run the PEAR installer go-pear.phar on one of our servers, it exited without any notice and without seeming to do anything.
After some searching I found that the syslog contained the error message:
Dec 15 12:59:47 scms suhosin[13658]:
ALERT - Include filename ('phar://go-pear.phar/index.php')
is an URL that is not allowed
(attacker 'REMOTE_ADDR not set', file '/root/go-pear.phar', line 1236)
Dec 15 12:59:47 scms suhosin[13658]:
ALERT - script tried to disable memory_limit by setting it to a negative value
-1 bytes which is not allowed
(attacker 'REMOTE_ADDR not set', file 'unknown')
So I knew it was Suhosin, the "advanced protection module for PHP5". It's enabled by default on Debian and Ubuntu.
Instead of simply disabling it, I allowed the phar stream wrapper with Suhosin:
$ emacs /etc/php5/cli/conf.d/suhosin.ini .. add the following line: suhosin.executor.include.whitelist = phar