Ohh btw…

> I have walked the bug list for 5.3 mentioning suhosin[2] to actually
> at least partially support what I have just said. I have found few
> bugs where suhosin was causing problems ([3],[4]) and a handful of
> bugs with "have suhosin, cannot help". I know this isn't (and can't
> be) a definitive list, but it just shows that
> 
> P.S.: Also see stas reply[5] about valgrind.
> 
> Links:
> 1. http://www.hardened-php.net/hphp/faq.html#why_is_hardening-patch_not_part_of_php
> 2. https://bugs.php.net/search.php?search_for=suhosin&boolean=0&limit=90&order_by=&direction=DESC&cmd=display&status=All&bug_type=All&project=PHP&php_os=&phpver=5.3&cve_id=&assign=&author_email=&bug_age=0&bug_updated=0
> 3. https://bugs.php.net/bug.php?id=60216
> 4. https://bugs.php.net/bug.php?id=60935
> 5. http://www.suspekt.org/2008/10/12/suhosin-canary-mismatch-on-efree-heap-overflow-detected/

1) You understand that Hardening-Patch is not Suhosin-Patch, do you?

2) Maybe you should also search for: Have Debian, then use a clean PHP not a 
broken Debian build

Bug 3 -> is not a bug in Suhosin, it is the fact that the 
suhosin.executor.max_depth function was not set correctly. Reading the 
documentation helps: 
http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.max_depth

Bug 4 -> the guy is actually writing inside the bug report that the problem 
occurs with and without Suhosin

5) You can just start PHP with the environment variable 
SUHOSIN_MM_USE_CANARY_PROTECTION=0 and can use valgrind.


So basically all points you bring up are no issues.

Regards,
Stefan Esser




