Stefan Teleman wrote:
(snip...)
> I believe we should also Purify PHP. The problem is that Purify
> probably won't work on Nevada, but we could build PHP on a release of
> S10 they support, and it will still catch buffer overflows, ABR/ABW,
> UMR, stack corruption, double deletion, etc. We could then publish
> the results of the Coverity audit and of the Purify output, and we
> could forward them to php-security.org, along with patches. This
> would give the PHP community an objective base for requesting bug and
> security fixes.

While Nevada may not run Purify, it is possible to get a subset of this
with umem debugging, which is in Nevada and as Open Source has been
ported to Linux by an ISV. This sounds like an excellent thing to get
going under the new OpenSolaris project! The upstream projects can take
it into their codebases as well if they'd like to do so.

Speaking of which, we haven't been set up yet, have we?

It may also be interesting to see what, if anything, can be done about
reducing privilege sets for this OpenSolaris Apache/PHP stack to at
least reduce the possibility of nefarious activities if (when?) there is
a vulnerability. My colleague Alec Muffett may be able to lend some
thoughts there.

- Matt
--
Matt Ingenthron - Web Infrastructure Solutions Architect
Sun Microsystems, Inc. - Client Solutions, Systems Practice
http://blogs.sun.com/mingenthron/
email: [EMAIL PROTECTED] Phone: 310-242-6439
_______________________________________________
opensolaris-discuss mailing list