Re: PHP 5.16 and Sihuson

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



# gkreme@xxxxxxxxx / 2006-10-18 10:57:52 -0600:
> php -v
> PHP 5.1.6 with Suhosin-Patch 0.9.5 (cli) (built: Oct 18 2006 08:36:59)
> Copyright (c) 1997-2006 The PHP Group
> Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
> 
> This configuration cause no end of problems, and I finally compiled  
> php without the Suhosin-Patch.  Everything is back to normal and  
> working.
> 
> with the patch, there were numerous errors and problems:
> 
> [Wed Oct 18 09:58:05 2006] [error] ALERT - canary mismatch on efree()  
> - heap overflow or double efree detected (attacker 'my.dot.ip.adr',  
> file '/usr/local/www/wordpress/wp-admin/edit.php')
> [Wed Oct 18 10:26:06 2006] [error] ALERT - canary mismatch on efree()  
> - heap overflow or double efree detected (attacker 'my.dot.ip.adr',  
> file '/usr/local/www/data/phpMyAdmin/index.php')
> 
> etc.
> 
> Is it possible to have Suhosin-Patch enabled and somehow avoid these  
> heap overflows, or is Suhosin still not ready for a production  
> environment?

    The Suhosin patch only reports the double free() in PHP so if
    anything it's PHP that's not ready for production. You can disable
    the patch but that won't fix the bug in PHP.

-- 
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE.             http://bash.org/?255991

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux