[Fwd: Suhosin Segmentation Fault]

Jeremy Chadwick koitsu at FreeBSD.org
Wed Oct 15 13:06:10 PDT 2008


On Wed, Oct 15, 2008 at 02:47:00PM -0500, Matt wrote:
> On Wed, Oct 15, 2008 at 2:35 PM, Jeremy Chadwick <koitsu at freebsd.org> wrote:
> > On Wed, Oct 15, 2008 at 08:26:09PM +0100, Matthew Seaman wrote:
> >> Jeremy Chadwick wrote:
> >>
> >>> Suhosin is not an extension you load in extensions.ini; it's a patch
> >>> applied to the core of PHP.
> >>
> >> % grep suhosin /usr/local/etc/php/extensions.ini
> >> extension=suhosin.so
> >>
> >> It's both a set of patches to the PHP core, and a loadable module.
> >>
> >>       Cheers,
> >>
> >>       Matthew
> >
> > Are you sure?
> 
> Yes - the suhosin extension is located in the ports tree at:
> /usr/ports/security/php-suhosin
> 
> Install instructions are at:
> http://www.hardened-php.net/suhosin/how_to_install_or_upgrade.html#installing_the_extension
> 
> It's been a while since I've looked at the suhosin options and I can't
> remember what the differences are between the extension and the
> core-php patch.

Deep within their forums, I found an answer in a thread.  The thread
pointed me to this:

http://www.hardened-php.net/suhosin/a_feature_list.html

"Engine Protection" is not available in security/php-suhosin.  Seems to
me that the benefits of using the patch version easily outweigh that of
the extension version, solely for protection against formatted string
vulnerabilities.

I also found this amusing tidbit, which is a sticky post on their forum:

http://forum.hardened-php.net/viewtopic.php?id=122

That sticky also states that pspell.so will cause Suhosin to crash,
advocating that pspell.so must come last in extension.so, but then also
advocates simply not using pspell at all.  I'm sure that does nothing
but confuse users.

Seems the OP has also posted there:

http://forum.hardened-php.net/viewtopic.php?id=501

It would be interesting to know if the segfaults people experience are
specific to the extension version of Suhosin.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
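
The load-order point from the forum sticky mentioned above, as a check against extensions.ini. This is an added example, not part of the original message and not Suhosin or FreeBSD code; the function names and exit codes are assumptions, and the path in the usage comment is the one quoted in the thread.

```sh
#!/bin/sh
# Usage (after sourcing): check_load_order /usr/local/etc/php/extensions.ini

# Print module file names from active "extension=" lines, in load order.
list_extensions() {
    awk '
        /^[ \t]*[;#]/ { next }                    # whole-line comment
        /^[ \t]*extension[ \t]*=/ {               # not zend_extension / extension_dir
            sub(/^[ \t]*extension[ \t]*=[ \t]*/, "")
            sub(/[ \t]*;.*$/, "")                 # trailing comment
            sub(/[ \t\r]+$/, "")                  # trailing blanks, CR
            gsub(/"/, "")                         # optional quoting
            n = split($0, parts, "/")             # drop any directory part
            print parts[n]
        }' "$1"
}

# Hypothetical exit codes:
#   0  nothing to flag   1  suhosin.so and pspell.so loaded, pspell.so not last
#   2  file not readable
check_load_order() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    exts=$(list_extensions "$1")

    if ! printf '%s\n' "$exts" | grep -qx 'suhosin\.so'; then
        # The core patch, if compiled in, is not visible in this file.
        echo "suhosin.so is not loaded as an extension"
        return 0
    fi
    if ! printf '%s\n' "$exts" | grep -qx 'pspell\.so'; then
        echo "suhosin.so is loaded as an extension; pspell.so is not loaded"
        return 0
    fi

    last=$(printf '%s\n' "$exts" | tail -n 1)
    if [ "$last" = "pspell.so" ]; then
        echo "suhosin.so and pspell.so are loaded; pspell.so is last"
        return 0
    fi
    echo "suhosin.so and pspell.so are loaded; pspell.so is not last (last is $last)"
    return 1
}
```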



More information about the freebsd-questions mailing list