Debian Lenny, suhosin-patch

Discussion in 'Server Operation' started by TheRudy, Oct 15, 2009.

  1. TheRudy

    TheRudy ISPConfig Developer

    Hey guys!

    I have debian lenny (no control panel) running with the latest PHP5 that's available for it.

    I've also disabled some common PHP functions that are a risk like exec, system, passthru... in php.ini

    But now I need for one domain name to be able to run some external software with passthru.

    Now, as far as I know lenny PHP5 is already compiled with suhosin-patch.

    On the suhosin website it says that with suhosin-patch only logging functions are supported. :S

    I've tried by adding this to htaccess:
    php_flag suhosin.executor.func.whitelist "passthru"

    And of course the error is that passthru has been disabled for security reasons..

    So, first, do I need to install suhosin?
    aptitude install suhosin
    Or am I missing something and I can do this with suhosin-patch?

    Little pointers needed if you guys are so kind..
  2. falko

    falko Super Moderator ISPConfig Developer

  3. TheRudy

    TheRudy ISPConfig Developer

    Well I can remove the disabled functions from php.ini and block them using suhosin. The effect should be the same or not?

    I'm just confused about it a bit.. Actually I'm just checking if installing suhosin on lenny using aptitude will be wrong since it's already using the patch.

    Basically a combo of suhosin-patch compiled into php + suhosin as extension.

    Don't really like the other option of having php.ini per domain. :)
  4. TheRudy

    TheRudy ISPConfig Developer

    So yeah, I've been searching the net and really not a lot of useful info out there about suhosin and setups..

    So basically I installed php5-suhosin extension.

    I don't know why but before when I tried it, it blocked even DEFINE within PHP.

    This time it's working and I must say that it's really good!

    So basically I moved the functions that I block from php.ini into suhosin.php. Then I set the whitelist for 1 function for 1 domain name and voila. Really simple.

    I also changed the default values of:
    Code:
    suhosin.request.max_vars = 200
    suhosin.request.max_vars = 2048
    That's it.
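
Added example (not part of the thread or any poster's configuration): one way to express the setup described in the last post, with the function block list held by the Suhosin extension and relaxed for a single site. It uses a per-virtual-host `suhosin.executor.func.blacklist` override rather than the whitelist, because a non-empty Suhosin whitelist blocks every function that is not listed in it. It assumes PHP runs as an Apache module; `app.example.com`, the document root and the functions beyond exec, system and passthru are placeholders.

```apache
# Constructed example; host name, paths and the extra function names
# are placeholders, not values from the thread.
#
# php.ini: disable_functions can only be set in php.ini and cannot be
# overridden per directory or per virtual host, so the functions are
# taken out of it and handed to Suhosin instead:
#   disable_functions =
#
# Server-wide default, in the main Apache config (same effect as setting
# suhosin.executor.func.blacklist in the Suhosin ini file):
php_admin_value suhosin.executor.func.blacklist "exec,system,passthru,shell_exec,popen,proc_open"

<VirtualHost *:80>
    ServerName app.example.com
    DocumentRoot /var/www/app.example.com

    # Same list minus passthru: this one site may call passthru,
    # every other site keeps the server-wide list.
    php_admin_value suhosin.executor.func.blacklist "exec,system,shell_exec,popen,proc_open"

    # php_admin_value cannot be changed from .htaccess or ini_set(),
    # so code running in the site cannot widen the exception.
</VirtualHost>
```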
