From owner-freebsd-questions@FreeBSD.ORG  Wed Oct 15 19:47:02 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 471161065686
	for <freebsd-questions@freebsd.org>;
	Wed, 15 Oct 2008 19:47:02 +0000 (UTC)
	(envelope-from datahead4@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168])
	by mx1.freebsd.org (Postfix) with ESMTP id C3D268FC15
	for <freebsd-questions@freebsd.org>;
	Wed, 15 Oct 2008 19:47:01 +0000 (UTC)
	(envelope-from datahead4@gmail.com)
Received: by ug-out-1314.google.com with SMTP id m2so1217103uge.39
	for <freebsd-questions@freebsd.org>;
	Wed, 15 Oct 2008 12:47:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to
	:subject:cc:in-reply-to:mime-version:content-type
	:content-transfer-encoding:content-disposition:references;
	bh=D9Vk0kj7F1clA3Zyc85sKLynTBJ/UTd2/q/8H+c7Wps=;
	b=g4mPgyT/PHLm5NAVKNYASO+RS2sNBoUo03JihGVDJtEIcshQsLu0Z08gMJNVzE8Ep1
	TfjhP0859KQjJeR0mHVUK2JSBugB4TpI1MD0ZfqFMIuifBqrNvHcKziTaV8GX4z1NbLu
	seC4Yz00h9HPDAMsNwyV6AxXwrU5oBEIO41lI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version
	:content-type:content-transfer-encoding:content-disposition
	:references;
	b=X1sU48SOkqWD3Py36JljJbOkmEptwjxygk8rGGWfna7YuaQpMTfDkKvTydHPDT4nDK
	8J2xo/bUc9On8vHHutvFCnnRyc6OEIeJzCMZFDQjIs8InDNRDhv0ZGY3dYidxRwm1RfB
	H4GnLWnvpgFXAdOrC7M9UMlER2GLlOSwEtJO0=
Received: by 10.210.25.19 with SMTP id 19mr1695458eby.38.1224100020379;
	Wed, 15 Oct 2008 12:47:00 -0700 (PDT)
Received: by 10.210.49.15 with HTTP; Wed, 15 Oct 2008 12:47:00 -0700 (PDT)
Message-ID: <cd6b4a5b0810151247j1f2d83bcr2c751f9387d73c46@mail.gmail.com>
Date: Wed, 15 Oct 2008 14:47:00 -0500
From: Matt <datahead4@gmail.com>
To: "Jeremy Chadwick" <koitsu@freebsd.org>
In-Reply-To: <20081015193541.GA85764@icarus.home.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <48F62774.2060609@k18.ch> <20081015185509.GB84864@icarus.home.lan>
	<48F643D1.3020500@infracaninophile.co.uk>
	<20081015193541.GA85764@icarus.home.lan>
Cc: Alain Wolf <wolf@k18.ch>, freebsd-questions@freebsd.org
Subject: Re: [Fwd: Suhosin Segmentation Fault]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Oct 2008 19:47:02 -0000

On Wed, Oct 15, 2008 at 2:35 PM, Jeremy Chadwick <koitsu@freebsd.org> wrote:
> On Wed, Oct 15, 2008 at 08:26:09PM +0100, Matthew Seaman wrote:
>> Jeremy Chadwick wrote:
>>
>>> Suhosin is not an extension you load in extensions.ini; it's a patch
>>> applied to the core of PHP.
>>
>> % grep suhosin /usr/local/etc/php/extensions.ini
>> extension=suhosin.so
>>
>> It's both a set of patches to the PHP core, and a loadable module.
>>
>>       Cheers,
>>
>>       Matthew
>
> Are you sure?

Yes - the suhosin extension is located in the ports tree at:
/usr/ports/security/php-suhosin

Install instructions are at:
http://www.hardened-php.net/suhosin/how_to_install_or_upgrade.html#installing_the_extension

It's been a while since I've looked at the suhosin options and I can't
remember what the differences are between the extension and the
core-php patch.

Matt
>
> # find /usr/local/lib/php -name "*suhosin*" -ls
> #
>
> # grep -i suhosin /var/db/ports/php5/options
> WITH_SUHOSIN=true
>
> # grep -i suhosin /usr/local/etc/php/extensions.ini
> #
>
> # pkg_version -v | grep php5
> php5-5.2.6_2                        =   up-to-date with port
> php5-extensions-1.1                 =   up-to-date with port
> php5-mysql-5.2.6_2                  =   up-to-date with port
> php5-pcre-5.2.6_2                   =   up-to-date with port
> php5-simplexml-5.2.6_2              =   up-to-date with port
>
> # grep -i php5 /usr/local/etc/apache22/httpd.conf
> LoadModule php5_module        libexec/apache22/libphp5.so
>
> # php -i | grep -i suhosin
> This server is protected with the Suhosin Patch 0.9.6.2
> suhosin.log.phpscript => 0 => 0
> suhosin.log.phpscript.is_safe => Off => Off
> suhosin.log.phpscript.name => no value => no value
> suhosin.log.sapi => no value => no value
> suhosin.log.script => no value => no value
> suhosin.log.script.name => no value => no value
> suhosin.log.syslog => no value => no value
> suhosin.log.syslog.facility => no value => no value
> suhosin.log.syslog.priority => no value => no value
> suhosin.log.use-x-forwarded-for => Off => Off
>
> :-)
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>