Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: ergozd on April 27, 2005, 07:05:36 AM

Title: PHP RPMS 4.3.11 with Hardened-PHP patch
Post by: ergozd on April 27, 2005, 07:05:36 AM

Hi there!

I have re-compiled PHP RPMS with Hardened-PHP patch. More info about hardened-php here http://www.hardened-php.net/

Quote

What is the Hardened-PHP Project?

The Hardened-PHP Project is a group of people creating a patchset that adds security hardening features to PHP to protect your servers on the one hand against a number of well known problems in hastily written PHP scripts and on the other hand against potential unknown vulnerabilities within the engine itself.


Implemented protections (until now)

- Canary protection of the Zend Memory Manager
- Canary protection of Zend Linked Lists
- Canary protection of Zend HashTable Destructors
- Protection against internal format string exploits
- Protection against arbitrary code inclusion
- Configureable input variable filter (filter for size, length, number, depth)
- Syslog logging of attackers IP and attacked script
- Protects the superglobals from beeing overwritten by import_request_variables()/extract()
- memory_limit cannot be increased over the configured maximum
- Protection against malfunctional realpath() implementations
- Safe Unlink protection for the Zend Memory Manager

Copyright © 2004-2005 Hardened-PHP Project

BE AWARE that this version will NOT work with any accelerators like eaccelerator, mmcache, Zend Optiomizer.

If you still want to install these RPMS
http://mirror.contribs.org/smeserver/contribs/ergozd/contribs/Hardened-PHP/RPMS/
http://ergin.dyndns.org/download/RPMS/contribs/Hardened-PHP/RPMS/

Code: [Select]

[root@sme601dev root]# php -v
Hardened-PHP 4.3.11/0.2.7 (cli) (built: Apr 26 2005 19:52:22)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies


Title: PHP RPMS 4.3.11 with Hardened-PHP patch
Post by: gocdo on April 27, 2005, 03:11:53 PM

Installs ok but webmail, no errors, now has a problem.

All the old options are gone. Attempting to add them back returns a blank screen and no saved options. Any ideas?

Regards
kevin

Title: PHP RPMS 4.3.11 with Hardened-PHP patch
Post by: ergozd on April 27, 2005, 05:17:51 PM

Hi gocdo!

Did you have any accelerators installed? You'll have to uninstall those as I have mentioned. You can also check your logs (basically /var/log/messages) to see what's wrong.

If you want get back funtionality uninstall all php-rpms you installed

# rpm -qa|grep 4.3.11-2eo

then uninstall hardened-php
# rpm -e php php-imap php-mysql <other-php-packages>

You can then reinstall "normal" php with
http://mirror.contribs.org/smeserver/contribs/ergozd/scripts/php4.3.11-upgrade.sh

Title: PHP RPMS 4.3.11 with Hardened-PHP patch
Post by: gocdo on April 27, 2005, 11:00:46 PM

Found it - need to pear install DN again (noted in the other php upgrade thread). So fioxed.

Regards
kevin

Title: PHP RPMS 4.3.11 with Hardened-PHP patch
Post by: gocdo on April 28, 2005, 03:28:36 PM

Need to also pear install Mail (and then the 4 other ones that pear progressivley complains up about).

regards
Kevin

Title: Re: PHP RPMS 4.3.11 with Hardened-PHP patch
Post by: haj on May 04, 2005, 05:27:59 AM

Quote from: "ergozd"

What is the Hardened-PHP Project?

The Hardened-PHP Project is a group of people creating a patchset that adds security hardening features to PHP to protect your servers on the one hand against a number of well known problems in hastily written PHP scripts and on the other hand against potential unknown vulnerabilities within the engine itself.

Why not, just don't write "hastily written PHP scripts" ??

Title: PHP RPMS 4.3.11 with Hardened-PHP patch
Post by: ergozd on May 04, 2005, 12:39:06 PM

;-)