Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)
Amos Shapira
amos.shapira at gmail.com
Sun Feb 26 22:02:00 IST 2012
I'm not on top of the PHP ecosystem, but this article makes Suhosin for PHP
sound like what antiviruses are for Windows - just fix the bloody core
instead of patching around its sub-par code quality.
On Feb 26, 2012 7:25 PM, "Omer Zak" <w1 at zak.co.il> wrote:
> Very interesting and depressing article.
> The general problem is one of securing large software packages.
>
> On one hand, there are optional security patches for the Linux kernel.
> Some of them retain their independence for a while. Others get merged
> into the stock kernel.
>
> On the other hand, I don't remember seeing similar problems with Perl or
> Python. Somehow, they manage to incorporate all security fixes into the
> standard interpreters, so there is no need for patches like PHP's
> Suhosin.
>
> Why is there a difference among PHP, Linux kernel and Perl/Python
> handling of security vulnerabilities?
>
> P.S.: One must remember that the Free Software/Open Source nature of
> all those projects allows people to develop and apply independent
> security patches at all - something whose absence is overwhelming in ecosystems
> like MS-Windows.
>
> --- Omer
>
>
> On Sun, 2012-02-26 at 04:07 +0200, Baruch Siach wrote:
> > Hi Omer,
> >
> > On Sat, Feb 25, 2012 at 11:21:38PM +0200, Omer Zak wrote:
> > > Today, when I upgraded my old PC, which is running Debian Testing
> > > (currently Debian Wheezy), I was informed of the following:
> > >
> > > php5 (5.3.9-4) unstable; urgency=low
> > >
> > > * The Suhosin patch is now disabled in the default build.
> > >
> > > If you want to re-enable it again for your installation, you can
> > > set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP.
> > >
> > > -- Ondřej Surý <ondrej at debian.org> Sat, 28 Jan 2012 08:39:36 +0100
> > >
> > > Does anyone know why the packers decided to reverse the previous
> > > policy of installing PHP5 with the Suhosin patch by default?
> >
> > See http://lwn.net/Articles/479716/ for the full story.
> >
> > baruch
> >
>
> --
> PHP - the language of the Vogons.
> My own blog is at http://www.zak.co.il/tddpirate/
>
> My opinions, as expressed in this E-mail message, are mine alone.
> They do not represent the official policy of any organization with which
> I may be affiliated in any way.
> WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html