On Wed, Oct 15, 2008 at 02:47:00PM -0500, Matt wrote:
> On Wed, Oct 15, 2008 at 2:35 PM, Jeremy Chadwick <[EMAIL PROTECTED]> wrote:
> > On Wed, Oct 15, 2008 at 08:26:09PM +0100, Matthew Seaman wrote:
> >> Jeremy Chadwick wrote:
> >>
> >>> Suhosin is not an extension you load in extensions.ini; it's a patch
> >>> applied to the core of PHP.
> >>
> >> % grep suhosin /usr/local/etc/php/extensions.ini
> >> extension=suhosin.so
> >>
> >> It's both a set of patches to the PHP core, and a loadable module.
> >>
> >> Cheers,
> >>
> >> Matthew
> >
> > Are you sure?
>
> Yes - the suhosin extension is located in the ports tree at:
> /usr/ports/security/php-suhosin
>
> Install instructions are at:
> http://www.hardened-php.net/suhosin/how_to_install_or_upgrade.html#installing_the_extension
>
> It's been a while since I've looked at the suhosin options and I can't
> remember what the differences are between the extension and the
> core-php patch.

Deep within their forums, I found an answer in a thread. The thread
pointed me to this:

http://www.hardened-php.net/suhosin/a_feature_list.html

"Engine Protection" is not available in security/php-suhosin. Seems to
me that the benefits of using the patch version easily outweigh that of
the extension version, solely for protection against formatted string
vulnerabilities.

I also found this amusing tidbit, which is a sticky post on their forum:

http://forum.hardened-php.net/viewtopic.php?id=122

That sticky also states that pspell.so will cause Suhosin to crash,
advocating that pspell.so must come last in extension.so, but then also
advocates simply not using pspell at all. I'm sure that does nothing
but confuse users.

Seems the OP has also posted there:

http://forum.hardened-php.net/viewtopic.php?id=501

It would be interesting to know if the segfaults people experience are
specific to the extension version of Suhosin.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |