The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

EasyApache 3.9.1 problem with suhosin

Discussion in 'EasyApache' started by chrismfz, Feb 12, 2012.

  1. chrismfz

    chrismfz Well-Known Member

    Joined:
    Jul 4, 2007
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Greece
    cPanel Access Level:
    DataCenter Provider
    Except the PCRE issue with vBulletin and the curlSSL issue,
    is there a case about this:

    Code:
    PHP Startup: Suhosin Extension does not officially support PHP 5.2
    and below anymore, because it is discontinued. Use it at your own
    risk. 
    Every error_log in every single site is filling up with this if I compile php 5.2 with suhosin.

    Shouldn't somehow suhosin "vanish/disappear" from the exhaustive option list if I choose PHP 5.2.17 ?
     
  2. Vladimir S

    Vladimir S Registered

    Joined:
    Feb 12, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi.
    You can disable notifications in php.ini.

    Regards,
    Vladimir
     
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    In the Suhosin changelog it talks about support for crypt() being removed. What will that break / cause problems with is for you to determine.

    Suhosin 0.9.33 also addresses CVE-2012-0807

    So running 0.9.33 on PHP 5.2.x may be problematic, and reverting back to 0.9.31 (manually fetching / compiling / installing) carries some level of risk.

    With that said, you could try this:

    • run /scripts/phpextensionmgr install PHPSuHosin
    • cd /home/cpeasyapache/phpextensions/suhosin/suhosin-0.9.33
    • edit suhosin.c to comment out the warning:

      before:
      Code:
      #endif
      #if PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION <= 2
              php_error_docref(NULL TSRMLS_CC, E_WARNING, "Suhosin Extension does not officially support PHP 5.2 and below anymore, becau$
      #endif
      
              return SUCCESS;
      

      after:
      Code:
      #endif
      /*
      #if PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION <= 2
              php_error_docref(NULL TSRMLS_CC, E_WARNING, "Suhosin Extension does not officially support PHP 5.2 and below anymore, becau$
      #endif
      */
      
              return SUCCESS;
      
    • run make install
    • make sure Suhosin is installed

      nilfer@devbox [/home/cpeasyapache/phpextensions/suhosin/suhosin-0.9.33]# php -v
      PHP 5.2.17 (cli) (built: Feb 11 2012 14:59:57)
      Copyright (c) 1997-2010 The PHP Group
      Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
      with the ionCube PHP Loader v4.0.12, Copyright (c) 2002-2011, by ionCube Ltd., and
      with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
      with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH

    Then test some sites and hope for the best. I'd really have to question the viability of this solution [using Suhosin 0.9.33 on PHP 5.2.17).

    Another option would be to uninstall Suhosin 0.9.33 and then install Suhosin 0.9.31 from source (if you can find it) with the understanding that if Suhosin 0.9.31 is configured in a certain way, it is vulnerable. You'd want to make sure that your Suhosin 0.9.31 installation isn't prone to the vulnerability -- more info on that here:

    http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0296.html

    Good luck
     
    #3 mtindor, Feb 12, 2012
    Last edited: Feb 12, 2012
Loading...

Share This Page