Find centralized, trusted content and collaborate around the technologies you use most. Connect and share knowledge within a single location that is structured and easy to search.
We would like to modify several suhosin config parameters. Upon loading phpinfo function, we still see the old default values. However, we cannot change the default values of any of the suhosin parameters. Stack Overflow for Teams — Collaborate and share knowledge with a private group.
Create a free Team What is Teams? Collectives on Stack Overflow. Can you check with php -v to ensure it is installed? Yet phpinfo says that suhosin is installed and the messages log shows requests being blocked by suhosin eg. I was incorrect myself on the behavior. Only the suhosin. For some reason, I had thought that they were added previously, but after installing suhosin on my server again, the settings aren't appearing in the global php.
Thanks Tristan. Thanks Tristan - my question was the same as the above, as to where to find the configuration settings, but I'm entirely unclear on why the suhosin configuration settings are not in place at all. How is it that suhosin appears to be taking actions - at least by logging memory alerts - when it is not at all configured?
Also, what does the lack of configuration mean that it is actually supposed to be doing by default? Does the lack of configuration settings effectively mean that it offers none of the advertised protections until they are configured? If you don't have specific suhosin. You'll then see all of the suhosin. Of course remove that file when you're done so nobody else can view it.
Compare the suhosin. No -- the lack of specific configuration directives does NOT mean that it isn't offering any protection. Replies 2 Views Aug 31, Pinuccio. Automata Jan 26, Plesk Obsidian for Linux. Replies 3 Views 3K. Mar 28, claxman. Issue Cannot install mongodb configure: error: cannot run C compiled programs.
Replies 1 Views Nov 17, IgorG. Resolved Wrong php version during Drupal 9. Kulturmensch Jun 4, Plesk Obsidian for Linux. Aug 20, Kulturmensch. The advantage in doing this is that you may be able to install a version of PHP that is more current than the latest available in your RPM repositories. The disadvantage is that once you've done this you can't rely on automatic updates to keep your PHP installation current as the new install won't have Suhosin.
Make sure before you start down this route that you have the rpm-build package installed. You can do this using:. Installation on CentOS 5. You can do this by checking the output from:. If you don't have any or all of the packages that you want installed you can use yum to install them. Unfortunately the yum utility cannot be used to install source packages so you have to download them by hand. You can use the following commands to download the source for php 5. If you encounter warnings about the user or group mockingbird not existing and the rpm using root don't worry, these are not errors.
Once the patch is downloaded you'll want to check the MD5 sum of the patch and compare it to the one listed on the distribution website just to be sure the download hasn't been tampered with. Of course if an attacker compromised the Hardened-PHP web server they could tamper with the patch and modify the published MD5 hash.
Hardened-PHP also publishes a GPG key public key that can be used to verify the patch signature, but again, an attacker who controlled the web server could change that. It's probably sufficient just to check the MD5 hash value.
To download and confirm the MD5 use:. Note that we're also renaming the patch to follow convention:. Next you have to edit the PHP RPM specification file in order to comment out a conflicting package ecalloc and add in the new Suhosin patch. You may get a lot of dependency errors as a result of this command. Go ahead and add the packages using yum and retry if this is the case.
In my case this list was quite long so the update was as well:.
0コメント