# gkreme@xxxxxxxxx / 2006-10-18 10:57:52 -0600:
> php -v
> PHP 5.1.6 with Suhosin-Patch 0.9.5 (cli) (built: Oct 18 2006 08:36:59)
> Copyright (c) 1997-2006 The PHP Group
> Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
>
> This configuration cause no end of problems, and I finally compiled
> php without the Suhosin-Patch. Everything is back to normal and
> working.
>
> with the patch, there were numerous errors and problems:
>
> [Wed Oct 18 09:58:05 2006] [error] ALERT - canary mismatch on efree()
> - heap overflow or double efree detected (attacker 'my.dot.ip.adr',
> file '/usr/local/www/wordpress/wp-admin/edit.php')
> [Wed Oct 18 10:26:06 2006] [error] ALERT - canary mismatch on efree()
> - heap overflow or double efree detected (attacker 'my.dot.ip.adr',
> file '/usr/local/www/data/phpMyAdmin/index.php')
>
> etc.
>
> Is it possible to have Suhosin-Patch enabled and somehow avoid these
> heap overflows, or is Suhosin still not ready for a production
> environment?
The Suhosin patch only reports the double free() in PHP so if
anything it's PHP that's not ready for production. You can disable
the patch but that won't fix the bug in PHP.
--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
