Newsgroups: php.internals
Message-ID: <4F2AC9CA.2070308@sugarcrm.com>
Date: Thu, 02 Feb 2012 09:37:14 -0800
Organization: SugarCRM
To: Reindl Harald
CC: "internals@lists.php.net"
References: <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <4F2A9378.70803@thelounge.net>
In-Reply-To: <4F2A9378.70803@thelounge.net>
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: smalyshev@sugarcrm.com (Stas Malyshev)

Hi!

> yes, but suhosin-extension and hardening patch exists since many years
>
> the question from a normal user:
> why are these things not included in the core?

Because some of these things slow down the code and thus may not be
beneficial to most users.

> especially the option to disable function by directory while
> "disable_functions" is stupidity shown in phpinfo() per dir
> but never active?

With this feature this may not be a problem, however (I don't know,
didn't look into the actual code). But somebody has to propose it for
inclusion into the core and lead it - i.e. answer questions, participate
in the discussion, change/maintain the patches, etc. If this happens, I
don't see why some of the features can't be brought into code.

--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227