[amd64] php 5.0.5-* problems - cause found

Marcin Sztolcman msztolcman at post.pl
Wed, 14 Sep 2005, 22:52:11 CEST


Paweł Gołaszewski wrote:

>>> by the way, is there some problem with hardened? maybe it could be
>>> applied by default? anyway, I think I once even saw some note about
>>> this in php.spec..
>> Basically, it lacks testing and there's no telling whether something
>> will break because of it. I'd gladly enable it myself.

it has been running for me in production with various versions for a good
few months, without problems

> And what does it give you?
> What does it make harder?

http://www.hardened-php.net/index.14.html
What is the Hardening-Patch?

The Hardening-Patch is a patchset that adds security hardening features 
to PHP to protect your servers on the one hand against a number of well 
known problems in PHP applications and on the other hand against 
potential unknown vulnerabilities within those applications or the PHP 
core itself.

Implemented protections (until now)

- Canary protection of the Zend Memory Manager
- Canary protection of Zend Linked Lists
- Canary protection of Zend HashTable Destructors
- Protection against internal format string exploits
- Protection against arbitrary (remote) code inclusion
- Configurable input variable filter (filter for size, length, number, 
depth)
- Syslog logging of attacker's IP and attacked script
- Protects the superglobals from being overwritten by 
import_request_variables()/extract()
- Protects the superglobals from being overwritten by 
register_globals=On emulations
- memory_limit cannot be increased over the configured maximum
- Protection against malfunctional realpath() implementations
- Safe Unlink protection for the Zend Memory Manager
- Protection against information disclosure after failed SQL queries
- Protection against HTTP Response Splitting attacks
- Protection against Executor Recursion Crashes
- Allows protection against infected uploaded files

	MySZ

-- 
Marcin ``MySZ`` Sztolcman
http://diary.urzenia.net :: mailto:http://urzenia.net/email
Content management system :: http://core-cms.com



More information about the pld-devel-pl mailing list