[php-maint] Suhosin

Ondřej Surý ondrej at sury.org
Wed Feb 25 00:21:32 UTC 2009


Please keep Cc to pkg-php-maint at lists.alioth.debian.org

On Wed, Feb 25, 2009 at 01:12, Marco Giardini <m.g at tecnogi.com> wrote:
> thanks a lot for your answer. I have not installed the php5-suhosin at all
> but it seems (phpinfo) that the suhosin patch has been compiled into php5
> Is there a way to uninstall the suhosin patch compiled into php5?

No. The pointer to the discussion you gave us here is speaking about the suhosin
extension. And the guy there is also giving you links to the suhosin extension.
The suhosin patch has no session management at all, see for yourself:

http://www.hardened-php.net/hphp/a_feature_list.html

And if imagevue hits these protections then really it's imagevue which needs
fixing.

Ondrej

> thanks
>
> marco
>
> On 25/feb/09, at 01:09, Ondřej Surý wrote:
>
>> On Wed, Feb 25, 2009 at 00:29, Marco Giardini <m.g at tecnogi.com> wrote:
>>>
>>> I have noted that it is not possible to have a php5.deb without the
>>> SUHOSIN patch.
>>
>> You are mixing up the php suhosin patch and the suhosin extension. One is
>> not the other.
>> Just uninstall the php5-suhosin package (or just disable the extension)
>>
>>> Why?? I do not need the suhosin patch since it gives me some problems
>>> with imagevue ( http://imagevuex.com/forum/viewtopic.php?p=13808#13808 ).
>>> Why does the debian maintainer not prepare a php .deb without the
>>> suhosin patch?
>>
>> Why should we? The php suhosin patch gives elementary security protection
>> for php applications and has really minimal impact.
>>
>> Ondrej
>> --
>> Ondřej Surý <ondrej at sury.org>
>
>



-- 
Ondřej Surý <ondrej at sury.org>