Questions tagged [suhosin]

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

Suhosin is an advanced protection system for PHP installations.

It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

Suhosin comes in two independent parts, that can be used separately or in combination.
The first part is a small patch against the PHP core, that implements a few low-level protections against buffer overflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Unlike the PHP Hardening-Patch, Suhosin is binary compatible with a normal PHP installation, which means it is compatible to a third-party binary extension like ZendOptimizer.

67 questions

votes

1 answer

suhosin patch dedicated file log

Is it possible to move the suhosin patch's logs from the syslog to a dedicated file ? Cacti is called every 5 min by a cron and try to set the memory limit to -1 So, each time Cacti is called, I've 2 messages in the syslog. ALERT - script tried to…

asked Jun 25 '13 at 12:59

Thomas K

1,067
1
15
35

votes

0 answers

PHP 5 without Suhosin

I'm planning an upgrade from Debian 6 (Squeeze) to 7 (Wheezy), which brings along php 5.4 and omits Suhosin. Rightly or wrongly, Suhosin gives me a sense of security, because it lets me know about (some) hack attempts. e.g. I notice that my site…

php suhosin php-5.4

asked Jun 04 '13 at 14:56

artfulrobot

20,637
11
55
81

votes

0 answers

How to disable use of special php functions on a subdirectory with suhosin extension?

I have a Website using Concrete5. I need to allow the client to access the subpage domain\blocks. The problem is that if the person with this permissions create a Block and put some code like: file_get_contents('C:\xampp\htdocs\somefile.php'); He…

php apache xampp concrete5 suhosin

asked Apr 05 '13 at 16:25

1st4ck

1,267
11
11

votes

0 answers

Installing aws php sdk with phar

I am trying to use the AWS SDK for PHP 2 to create a file on S3. Installing via Phar: http://docs.aws.amazon.com/awssdkdocsphp2/latest/gettingstartedguide/sdk-php2-installing-the-sdk.html#sdk-php2-installing-via-phar I added the following line to…

php ubuntu amazon-web-services phar suhosin

asked Apr 01 '13 at 00:05

Enkay

1,898
6
24
35

votes

1 answer

Why is suhosin.executor.allow_symlink a security issue?

I came to problem with this Can't open file in php if one of directories is a symlink suhosin ducumentation said that suhosin.executor.allow_symlink This flag reactivates symlink() when open_basedir is used, which is disabled by default in…

php security symlink suhosin

asked Jul 19 '12 at 21:31

jcubic

61,973
54
229
402

votes

1 answer

Does suhosin force some options in php.ini?

I can't seem to change some values in php.ini. For example: display_errors = On I can only turn it on on runtime. I suspect that suhosin is messing with this, is there any way to bypass it? Yes I'm sure I'm editing the right files, but look at this,…

php suhosin

asked May 19 '12 at 14:34

HappyDeveloper

12,480
22
82
117

votes

1 answer

Suhosin changes

I've recently purchased a virtual server in order to use it as a stage development for my site which is based on a forum script (ipb). Problem is that before the installation and after it, ipb shows me some messages about suhostin limits. For…

suhosin ipb

asked Apr 14 '12 at 09:44

coolme

Prev 1 2 3 4