On Wed, Oct 15, 2008 at 2:35 PM, Jeremy Chadwick <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 15, 2008 at 08:26:09PM +0100, Matthew Seaman wrote:
>> Jeremy Chadwick wrote:
>>
>>> Suhosin is not an extension you load in extensions.ini; it's a patch
>>> applied to the core of PHP.
>>
>> % grep suhosin /usr/local/etc/php/extensions.ini
>> extension=suhosin.so
>>
>> It's both a set of patches to the PHP core, and a loadable module.
>>
>>       Cheers,
>>
>>       Matthew
>
> Are you sure?

Yes - the suhosin extension is located in the ports tree at:
/usr/ports/security/php-suhosin

Install instructions are at:
http://www.hardened-php.net/suhosin/how_to_install_or_upgrade.html#installing_the_extension

It's been a while since I've looked at the suhosin options and I can't
remember what the differences are between the extension and the
core-php patch.

Matt
>
> # find /usr/local/lib/php -name "*suhosin*" -ls
> #
>
> # grep -i suhosin /var/db/ports/php5/options
> WITH_SUHOSIN=true
>
> # grep -i suhosin /usr/local/etc/php/extensions.ini
> #
>
> # pkg_version -v | grep php5
> php5-5.2.6_2                        =   up-to-date with port
> php5-extensions-1.1                 =   up-to-date with port
> php5-mysql-5.2.6_2                  =   up-to-date with port
> php5-pcre-5.2.6_2                   =   up-to-date with port
> php5-simplexml-5.2.6_2              =   up-to-date with port
>
> # grep -i php5 /usr/local/etc/apache22/httpd.conf
> LoadModule php5_module        libexec/apache22/libphp5.so
>
> # php -i | grep -i suhosin
> This server is protected with the Suhosin Patch 0.9.6.2
> suhosin.log.phpscript => 0 => 0
> suhosin.log.phpscript.is_safe => Off => Off
> suhosin.log.phpscript.name => no value => no value
> suhosin.log.sapi => no value => no value
> suhosin.log.script => no value => no value
> suhosin.log.script.name => no value => no value
> suhosin.log.syslog => no value => no value
> suhosin.log.syslog.facility => no value => no value
> suhosin.log.syslog.priority => no value => no value
> suhosin.log.use-x-forwarded-for => Off => Off
>
> :-)
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to