[php-maint] Suhosin
Marco Giardini
m.g at tecnogi.com
Wed Feb 25 00:24:42 UTC 2009
ok, thanks.
than i will get the php5 source and compile it without the patch.
thanks
marco
On 25/feb/09, at 01:21, Ondřej Surý wrote:
> Please keep Cc to pkg-php-maint at lists.alioth.debian.org
>
> On Wed, Feb 25, 2009 at 01:12, Marco Giardini <m.g at tecnogi.com> wrote:
>> thanks a lot for your answer. I have not installed the php5-suhosin
>> at all
>> but it seems (phpinfo) that the suhosin patch has been compiled
>> into php5
>> There is a way to unistall the suhosin patch complied into php5?
>
> No. The pointer to discussion you gave us here is speaking about
> suhosin
> extension. And the guy there is also giving you links to suhosin
> extension.
> suhosin patch has no session management at all, see yourself:
>
> http://www.hardened-php.net/hphp/a_feature_list.html
>
> And if imagevue hits these protections then really it's imagevue
> which needs
> fixing.
>
> Ondrej
>
>> thanks
>>
>> marco
>> - Show quoted text -
>>
>> On 25/feb/09, at 01:09, Ondřej Surý wrote:
>>
>>> On Wed, Feb 25, 2009 at 00:29, Marco Giardini <m.g at tecnogi.com>
>>> wrote:
>>>>
>>>> i have noted that is noit possible to have a php5.deb without the
>>>> SUHOSIN patch.
>>>
>>> You are mixing php suhosin patch and suhosin extension. One is not
>>> another.
>>> Just uninstall php5-suhosin package (or just disable the extension)
>>>
>>>> Why?? I do not need the suhosin patch since it gives me some
>>>> problems
>>>> with imagevue ( http://imagevuex.com/forum/viewtopic.php?
>>>> p=13808#13808 ).
>>>> Why the debian maintainer does not prepare a php. deb without the
>>>> suhosin patch?
>>>
>>> Why should we? php suhosin patch gives elementary security
>>> protection
>>> for php application
>>> and has really minimal impact.
>>>
>>> Ondrej
>>> --
>>> Ondřej Surý <ondrej at sury.org>
>>
>>
>
>
>
> --
> Ondřej Surý <ondrej at sury.org>
More information about the pkg-php-maint
mailing list