[amd64] php 5.0.5-* problems - cause found
Marcin Sztolcman
msztolcman at post.pl
Wed, 14 Sep 2005, 22:52:11 CEST
Paweł Gołaszewski wrote:
>>> by the way, is there some problem with hardened? maybe it could be
>>> applied by default? anyway, I think I once even saw some note on this
>>> topic in php.spec..
>> Basically a lack of testing, and it is unknown whether something will
>> break because of it. I would gladly enable it myself.
it has been running for me on a production server with various versions
for a good few months, and without problems
> And what does it provide?
> What does it make harder?
http://www.hardened-php.net/index.14.html
What is the Hardening-Patch?
The Hardening-Patch is a patchset that adds security hardening features
to PHP to protect your servers on the one hand against a number of well
known problems in PHP applications and on the other hand against
potential unknown vulnerabilities within those applications or the PHP
core itself.
Implemented protections (until now)
- Canary protection of the Zend Memory Manager
- Canary protection of Zend Linked Lists
- Canary protection of Zend HashTable Destructors
- Protection against internal format string exploits
- Protection against arbitrary (remote) code inclusion
- Configurable input variable filter (filter for size, length, number,
depth)
- Syslog logging of attacker's IP and attacked script
- Protects the superglobals from being overwritten by
import_request_variables()/extract()
- Protects the superglobals from being overwritten by
register_globals=On emulations
- memory_limit cannot be increased over the configured maximum
- Protection against malfunctional realpath() implementations
- Safe Unlink protection for the Zend Memory Manager
- Protection against information disclosure after failed SQL queries
- Protection against HTTP Response Splitting attacks
- Protection against Executor Recursion Crashes
- Allows protection against infected uploaded files
MySZ
--
Marcin ``MySZ`` Sztolcman
http://diary.urzenia.net :: mailto:http://urzenia.net/email
Content management system :: http://core-cms.com