[REQ] Hardened-PHP

Discussion in 'General Discussion' started by Phortje, Sep 23, 2004.

  1. Phortje

    Please consider this feature request for cPanel. I have found remote inclusion leaks in customer scripts to be a problem. I've had several cases in which such mistakes were exploited and code was executed under the customer's privileges. Hardened-PHP would have prevented this :)

    Implemented protections (until now)

    - Canary protection of the Zend Memory Manager
    - Canary protection of Zend Linked Lists
    - Canary protection of Zend HashTable Destructors
    - Protection against internal format string exploits
    - Protection against arbitrary code inclusion
    - Configurable input variable filter (filter for size, length, number, depth)
    - Syslog logging of attacker's IP

    I think this would improve cPanel's security options even more. For more information, see http://hardened-php.sourceforge.net/.

    Thanks in advance,

    Jasper Capel
     
  2. haze

  3. gemby

    Yep, this is definitely a must have, I also considered some, but much more primitive ways to harden PHP, none of them work as they should, and always have some compatibility issues.
    I have:

    - register_globals turned on
    - I do not use phpsuexec

    But, I have allow_url_fopen turned off, and it saves me a lot of headaches, no more kiddies in /tmp, but I am still vulnerable....
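
An added example (not part of the thread, and not cPanel or Hardened-PHP code): a small Python audit a host could run over customer scripts and php.ini to flag variable-built include/require statements and the two directives named in the posts above. The function names, the regular expression and the sample inputs are constructed for illustration, and the matching is a line-based heuristic rather than a PHP parser.

```python
import re

# include/require (and *_once) whose argument contains a PHP variable.
# The lookbehind skips identifiers such as $include or my_require.
DYNAMIC_INCLUDE = re.compile(
    r"(?<![$\w])(?:include|require)(?:_once)?\b\s*\(?[^;]*\$[A-Za-z_]",
    re.IGNORECASE,
)
# Directives named in the thread; both widen the impact of a dynamic include.
WATCHED = ("register_globals", "allow_url_fopen")
TRUE_VALUES = {"on", "1", "true", "yes"}


def find_dynamic_includes(php_source):
    """Return [(line_no, text)] for include/require built from a variable."""
    hits = []
    for no, line in enumerate(php_source.splitlines(), 1):
        text = line.strip()
        if text.startswith(("//", "#", "*", "/*")):
            continue  # whole-line comments only; a heuristic, not a parser
        if DYNAMIC_INCLUDE.search(text):
            hits.append((no, text))
    return hits


def enabled_risky_directives(ini_text):
    """Return the watched php.ini directives that are switched on."""
    state = {}
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ini comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in WATCHED:
            state[key.lower()] = value.strip("\"'").lower() in TRUE_VALUES
    return sorted(name for name, on in state.items() if on)


# Constructed sample inputs (not taken from any real account).
SAMPLE_PHP = r"""<?php
include('header.php');
// include($old);
include($page . '.php');
require_once "modules/$mod/main.php";
$include_footer = $show;
"""
SAMPLE_INI = "register_globals = On\nallow_url_fopen = Off ; as in the post above\n"

if __name__ == "__main__":
    for no, text in find_dynamic_includes(SAMPLE_PHP):
        print(f"line {no}: {text}")
    print("enabled:", enabled_risky_directives(SAMPLE_INI))
```

Flagged lines are candidates for review against a fixed allowlist of include targets; a hit does not by itself prove the script is exploitable.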