Hey guys! I have Debian lenny (no control panel) running with the latest PHP5 that's available for it. I've also disabled some common PHP functions that are a risk, like exec, system, passthru... in php.ini. But now I need one domain name to be able to run some external software with passthru. Now, as far as I know, lenny PHP5 is already compiled with suhosin-patch. On the Suhosin website it says that with suhosin-patch only logging functions are supported. :S I've tried adding this to htaccess:
    php_flag suhosin.executor.func.whitelist "passthru"
And of course the error is that passthru has been disabled for security reasons. So, first, do I need to install suhosin?
Code:
    aptitude install suhosin
Or am I missing something and I can do this with suhosin-patch? Little pointers needed if you guys are so kind.
I don't think Suhosin will help you if you have disabled some functions in php.ini. But you could set up Apache with mod_fcgid. This allows you to specify custom php.ini files for each web site: http://www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-debian-lenny
Well, I can remove the disabled functions from php.ini and block them using suhosin. The effect should be the same or not? I'm just confused about it a bit. Actually I'm just checking if installing suhosin on lenny using aptitude will be wrong since it's already using the patch. Basically a combo of suhosin-patch compiled into PHP + suhosin as an extension. Don't really like the other option of having php.ini per domain.
So yeah, I've been searching the net and there's really not a lot of useful info out there about suhosin and setups. So basically I installed the php5-suhosin extension. I don't know why, but before when I tried it, it blocked even DEFINE within PHP. This time it's working and I must say that it's really good! So basically I moved the functions that I block from php.ini into suhosin.php. Then I set the whitelist for 1 function for 1 domain name and voila. Really simple. I also changed the default values of:
Code:
    suhosin.post.max_vars = 200
to
Code:
    suhosin.post.max_vars = 2048
and
Code:
    suhosin.request.max_vars = 200
to
Code:
    suhosin.request.max_vars = 2048
That's it.
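
A per-site layout for the setup discussed in this thread, as an added example that is not from any of the posters: the global block list lives in the Suhosin extension's configuration and one virtual host overrides it. The host names, document roots and ini file location are assumptions; the function list is the one named in the first post.

```apache
# Global default, set in the Suhosin extension's ini file
# (assumed location: /etc/php5/conf.d/suhosin.ini). It replaces the
# disable_functions line in php.ini, which can only be set in php.ini
# and therefore cannot be relaxed for a single site:
#
#   suhosin.executor.func.blacklist = exec,system,passthru

# Hypothetical virtual host that needs passthru.
<VirtualHost *:80>
    ServerName needs-passthru.example.com
    DocumentRoot /var/www/needs-passthru

    # Same blacklist minus passthru. The blacklist is overridden here
    # rather than setting suhosin.executor.func.whitelist, because a
    # non-empty whitelist makes Suhosin terminate any script that calls
    # a function not on it, and the blacklist is then not evaluated.
    # php_admin_value is used (php_flag only takes booleans); it is
    # applied from the server config and cannot be changed in .htaccess.
    php_admin_value suhosin.executor.func.blacklist "exec,system"
</VirtualHost>

# Every other virtual host inherits the global blacklist unchanged.
<VirtualHost *:80>
    ServerName other.example.com
    DocumentRoot /var/www/other
</VirtualHost>
```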