
Another Serious Security Bug on PHP 5.3.9

Subject: Another Serious Security Bug on PHP 5.3.9
Summary: suhosin addressed bugs should be reviewed and fixed in the core
Messages: 4
Author: Alexander Maassen
Date: 2012-02-03 11:11:23
Update: 2012-02-04 02:12:45
 

  1. Another Serious Security Bug on PHP 5.3.9
Alexander Maassen
2012-02-03 14:23:31
I can feel you regarding your off-topic comments regarding why core developers step up and leave the project. So much about that.
But let's get back to the topic. The existence of suhosin itself addresses the ignorance of the current team. They've been told about issues for many years, PHP is used by a large userbase on the net, and they have to install an addon/plugin/whatever because the devs won't fix known issues.

Especially in this age, security and reliability are key. Period.

So, instead of extending php with features, maybe it's time to put them on a pile of todo and fix issues first before introducing these new features, or the community might start to turn their backs on php and switch to a language that does not have these issues.

  2. Re: Another Serious Security Bug on PHP 5.3.9
Manuel Lemos
2012-02-03 19:10:39 - In reply to message 1 from Alexander Maassen
Right, but the problem with PHP core is that they do not reckon that the security bugs are more important than the issues caused by the methods to fix them.

For instance, it is claimed that Suhosin may cause PHP to lose 10% of performance. It seems that some core developers do not consider better security more important than any performance loss.

  3. Re: Another Serious Security Bug on PHP 5.3.9
Alexander Maassen
2012-02-04 00:49:02 - In reply to message 2 from Manuel Lemos
Heh, maybe the 10% performance loss is caused because everything has to be filtered using an additional plugin? Just my 2 cents :)

  4. Re: Another Serious Security Bug on PHP 5.3.9
Manuel Lemos
2012-02-04 02:12:45 - In reply to message 3 from Alexander Maassen
Actually it seems to be only when you have memory canary options set. These seem to be to verify if memory allocated by PHP is being used beyond the allocated space due to eventual PHP bugs or security exploit attempts.

These would not be necessary if there are no memory usage bugs, but we never know that because there are no bug free programs.
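
The memory canary idea discussed in message 4, as an added example that is not part of the thread and is not Suhosin's or PHP's code: a guard word is placed before and after each allocation and verified when the block is freed. The names `guarded_alloc`, `guarded_check`, `guarded_free` and the `CANARY` value are hypothetical, chosen for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed guard value (assumption); real allocators randomize it per process. */
#define CANARY 0xC0FFEE5AFEC0DE42ULL
typedef struct { size_t size; uint64_t front; } guard_hdr;

/* Allocate n usable bytes with a canary word before and after them. */
void *guarded_alloc(size_t n) {
    if (n > SIZE_MAX - sizeof(guard_hdr) - sizeof(uint64_t)) return NULL;
    guard_hdr *h = malloc(sizeof *h + n + sizeof(uint64_t));
    if (!h) return NULL;
    uint64_t c = CANARY;
    h->size = n;
    h->front = c;
    memcpy((unsigned char *)(h + 1) + n, &c, sizeof c); /* tail may be unaligned */
    return h + 1;
}

/* Return 1 if both canaries are intact, 0 if either was overwritten. */
int guarded_check(const void *p) {
    const guard_hdr *h = (const guard_hdr *)p - 1;
    uint64_t tail;
    memcpy(&tail, (const unsigned char *)p + h->size, sizeof tail);
    return h->front == CANARY && tail == CANARY;
}

/* Verify, then free. Returns 0 if intact, -1 if corrupted (a hardened build would abort). */
int guarded_free(void *p) {
    if (!p) return 0;
    int ok = guarded_check(p);
    free((guard_hdr *)p - 1);
    return ok ? 0 : -1;
}

/* Constructed demo: an off-by-one NUL write past a 16-byte buffer. */
int demo_overflow_detected(void) {
    unsigned char *buf = guarded_alloc(16);
    if (!buf) return -1;
    memset(buf, 'A', 16);             /* in bounds: canaries untouched */
    int before = guarded_check(buf);
    buf[16] = 0;                      /* one byte too far: hits the tail canary */
    int after = guarded_check(buf);
    int rc = guarded_free(buf);
    return before == 1 && after == 0 && rc == -1;
}
int main(void) { printf("overflow detected: %d\n", demo_overflow_detected()); return 0; }
```

Each allocation carries extra bytes and each free performs an extra comparison, which is the kind of overhead the thread attributes to the canary options.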