[php-maint] Suhosin patch yes or no for 5.4

Ondřej Surý ondrej at debian.org
Sun Jan 22 19:52:24 UTC 2012

I am saying that you can run cgi script under isolated account,
possibly in chroot,
so the danger is smaller.


On Sun, Jan 22, 2012 at 11:02, Thomas Goirand <thomas at goirand.fr> wrote:
> On 01/22/2012 05:59 PM, Ondřej Surý wrote:
>> Hi,
>> maybe there's another option - keep it enabled/disabled per SAPI.
>> I was thinking - disable in SAPIs where you can have privilege separation
>> (e.g. fpm, cgi, cli) and keep it enabled where it's part of web server
>> (apache2, apache2filter).
>> O.
> Are you saying that it has really no point to be used when using as a
> php5-cgi (I still don't have an answer to that one)?
> Thomas
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

Ondřej Surý <ondrej at sury.org>

More information about the pkg-php-maint mailing list