Newsgroups: php.internals
From: stefan@nopiracy.de (Stefan Esser)
To: Florian Anderiasch
Cc: PHP internals, Debian PHP Maintainers
Date: Fri, 3 Feb 2012 09:09:27 +0100
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
Message-ID: <44BC85BC-32E6-42E7-984D-1108D6F5BF49@nopiracy.de>
In-Reply-To: <4F2B7CFD.4050709@anderiasch.de>
References: <1328228902.3385.151.camel@fermat.scientia.net> <4F2B7CFD.4050709@anderiasch.de>

Hey Florian,

> Now that's something I didn't read from Ondřej's mail, but delivering
> the packages with and without suhosin would, while being more work,
> certainly the most helpful way for users. Then again I'd gladly help if
> there's anything of this additional work that can be done.

people are constantly ignoring the fact that Suhosin-PHP listens to several environment variables:

    SUHOSIN_MM_USE_CANARY_PROTECTION        default = 1
    SUHOSIN_MM_DESTROY_FREE_MEMORY          default = 0
    SUHOSIN_MM_IGNORE_CANARY_VIOLATION      default = 0
    SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR    default = 0
    SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR    default = 0

By configuring these environment variables you can disable the canary protection that is "eating tons of memory and speed" (which is greatly exaggerated by people).

You don't need to have two compiled packages. You can just DISABLE Suhosin to 90% with these flags - or make it even stronger by telling it to sanitize all freed memory.

BTW: The Debian PHP maintainers know about these flags, because I repeatedly mentioned them in my answers to them. Also the Debian PHP maintainers patched the code of these environment variables 2 years back. So not knowing about them is just an excuse (if they bring it up).

Regards,
Stefan
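
One way to check which of the flags listed in the mail a PHP process was started with, as an added example that is not part of the original message or of Suhosin. The function name `suhosin_env_report` is hypothetical; treating any non-zero value as "on" and the IGNORE_* flags as weakening are assumptions drawn from the variable names and defaults above.

```shell
#!/usr/bin/env bash
# Added example, not code from the mail or from Suhosin.
# Reads NAME=VALUE lines on stdin and prints the effective value of the five
# variables named in the mail. Exit status is 1 if any protection is weakened.
# Assumptions: any non-zero value means "on"; the IGNORE_* flags weaken checks.
suhosin_env_report() {
    awk -F= '
    BEGIN {
        # Names and defaults as listed in the mail.
        order[1] = "SUHOSIN_MM_USE_CANARY_PROTECTION";     dflt[order[1]] = 1
        order[2] = "SUHOSIN_MM_DESTROY_FREE_MEMORY";       dflt[order[2]] = 0
        order[3] = "SUHOSIN_MM_IGNORE_CANARY_VIOLATION";   dflt[order[3]] = 0
        order[4] = "SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR"; dflt[order[4]] = 0
        order[5] = "SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR"; dflt[order[5]] = 0
    }
    # Remember the value of any listed variable found in the input.
    ($1 in dflt) { val[$1] = substr($0, length($1) + 2); seen[$1] = 1 }
    END {
        weak = 0
        for (i = 1; i <= 5; i++) {
            k = order[i]
            v = (k in seen) ? val[k] : dflt[k]
            src = (k in seen) ? "env" : "default"
            on = (v + 0 != 0)
            if (k ~ /USE_CANARY/)        note = on ? "ok" : "WEAKENED"
            else if (k ~ /DESTROY_FREE/) note = on ? "hardened" : "ok"
            else                         note = on ? "WEAKENED" : "ok"
            if (note == "WEAKENED") weak = 1
            printf "%s=%s (%s) %s\n", k, v, src, note
        }
        exit weak
    }'
}

# Constructed sample environment (not captured from a real process).
printf '%s\n' 'PATH=/usr/bin' 'SUHOSIN_MM_USE_CANARY_PROTECTION=0' \
    'SUHOSIN_MM_DESTROY_FREE_MEMORY=1' | suhosin_env_report || true
```

On Linux, a running process can be inspected with `tr '\0' '\n' < /proc/PID/environ | suhosin_env_report`, where PID is the PHP process in question.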