
Adding More Protection Layer on PHP

PHP is a well-known and popular programming language that has been considered mature for years. It has a big community behind it and is used on most websites because it is an open source project that is widely supported by many Linux distributions.

Unfortunately, the PHP developers have lately been struggling with their security problems, and even with Stefan Esser's help to improve the project, their ego was too high, so they ignored some of his proposals to improve PHP's security core. In the end, Stefan released the Suhosin project to help users get a better PHP service from a security point of view.

I always installed Suhosin on my servers since lately, PHP has changed its way of rolling releases and it's not as often as it used to be. Some critical fixes are pending for months until they are rolled out to users and sometimes, it's kinda late to prevent exploits coming around.

There are two ways of installing Suhosin. The first comes as a PHP patch that is applied to the PHP source code prior to compilation, and the second comes as an extension. If you plan to compile your own PHP and release it as a bundle, it's better to pick the first option, as it patches the PHP source directly. However, sometimes you already have PHP up and running and want to add an additional security layer on top of it, and that's when the second option is preferred.

Here's how you compile and install Suhosin on top of a running PHP:
  • Download the latest release of the Suhosin Extension
  • Extract the package (tar -xzvf suhosin-0.9.33.tgz)
  • Change to the suhosin directory (cd suhosin-0.9.33)
  • Run the magic command (phpize; ./configure; make;)
  • Install the package using the root account (make install)
  • Add this line to your php.ini file (extension=suhosin.so)
  • Add the appropriate location of the module to the extension_dir variable in php.ini
  • Restart your Apache (/etc/rc.d/rc.httpd restart)
  • Confirm your PHP is protected by Suhosin (php -v)
  • If you run the phpinfo() function, you will get something like this
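
Separately from the phpinfo() output, the php.ini and php -v steps above can be checked with a short script. This is an added example, not part of the original post or of Suhosin itself; the function names are hypothetical, and it assumes extension_dir is set in php.ini as described in the steps.

```shell
#!/bin/sh
# Added example: verify the php.ini and `php -v` steps after installing the
# Suhosin extension. Function names are hypothetical, not part of Suhosin or PHP.

# Print the last uncommented value of a php.ini directive, without the
# trailing ";" comment or surrounding double quotes.
ini_value() {  # usage: ini_value <directive> <php.ini>
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]]*;.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' | tail -n 1
}

# Succeed only if an uncommented extension=suhosin.so line is present.
ini_loads_suhosin() {  # usage: ini_loads_suhosin <php.ini>
    grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?suhosin\.so"?[[:space:]]*(;.*)?$' "$1"
}

# Check both php.ini steps. Assumes extension_dir is set in php.ini, as the
# steps above do; prints the reason and returns non-zero on failure.
check_suhosin_ini() {  # usage: check_suhosin_ini <php.ini>
    ini=$1
    [ -r "$ini" ] || { echo "cannot read $ini"; return 2; }
    ini_loads_suhosin "$ini" || { echo "no active extension=suhosin.so line"; return 1; }
    dir=$(ini_value extension_dir "$ini")
    [ -n "$dir" ] || { echo "extension_dir is not set"; return 1; }
    [ -f "$dir/suhosin.so" ] || { echo "suhosin.so not found in $dir"; return 1; }
    echo "php.ini OK: $dir/suhosin.so"
}

# Succeed if the `php -v` banner read from stdin mentions Suhosin.
banner_has_suhosin() {
    grep -qi 'suhosin'
}

# Run the checks only when a php.ini path is given on the command line.
if [ $# -ge 1 ]; then
    check_suhosin_ini "$1" && php -v | banner_has_suhosin &&
        echo "php -v reports Suhosin"
fi
```

Run it with the path to your php.ini as the only argument; a commented-out extension line or a module file missing from extension_dir is reported before you restart Apache.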
