
[REQ] Hardened-PHP

Discussion in 'General Discussion' started by Phortje, Sep 23, 2004.

  1. Phortje

    Please consider this feature request for cPanel. I have found remote inclusion leaks in customer scripts to be a problem. I've had several cases in which such mistakes were exploited and code was executed under the customer's privileges. Hardened-PHP would have prevented this :)

    Implemented protections (until now)

    - Canary protection of the Zend Memory Manager
    - Canary protection of Zend Linked Lists
    - Canary protection of Zend HashTable Destructors
    - Protection against internal format string exploits
    - Protection against arbitrary code inclusion
    - Configurable input variable filter (filter for size, length, number, depth)
    - Syslog logging of attacker's IP

    I think this would improve cPanel's security options even more. For more information, see http://hardened-php.sourceforge.net/.

    Thanks in advance,

    Jasper Capel
     
  2. haze

  3. gemby

    Yep, this is definitely a must have. I also considered some, but much more primitive, ways to harden PHP; none of them work as they should, and they always have some compatibility issues.
    I have:

    - register_globals turned on
    - I do not use phpsuexec

    But I have allow_url_fopen turned off, and it saves me a lot of headaches, no more kiddies in /tmp, but I am still vulnerable....
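
The two php.ini directives named in this thread can be checked mechanically. The following is an added example, not part of the original posts and not cPanel or Hardened-PHP code: a small Python audit that reports whether `register_globals` and `allow_url_fopen` are enabled, explicitly or by default. The defaults it assumes (PHP 4.2 and later) and the sample php.ini text are constructed for illustration.

```python
# Added example: audit php.ini text for the two directives named in the thread.
# Assumed defaults (PHP 4.2+): register_globals Off, allow_url_fopen On.
import re

TRUTHY = {"1", "on", "true", "yes"}
DEFAULTS = {"register_globals": False, "allow_url_fopen": True}
RISK = {
    "register_globals": "request parameters can initialise script variables, "
                        "including ones later passed to include()/require()",
    "allow_url_fopen": "URL wrappers are enabled, so fopen() (and include() in PHP "
                       "versions of that era) accepts http:// and ftp:// paths",
}

def parse_ini(text):
    """Return {directive: bool} for the audited directives; last assignment wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment in php.ini
        if not line or line.startswith("["):     # skip blanks and [section] headers
            continue
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if not m:
            continue
        key = m.group(1)                         # directive names are case sensitive
        value = m.group(2).strip().strip("\"'").lower()
        if key in DEFAULTS:
            seen[key] = value in TRUTHY
    return seen

def audit(text):
    """Return (directive, source, risk) for every audited directive left enabled."""
    seen = parse_ini(text)
    findings = []
    for key, default in DEFAULTS.items():
        if seen.get(key, default):
            source = "explicit" if key in seen else "default"
            findings.append((key, source, RISK[key]))
    return findings

# Constructed sample inputs (not taken from any real server).
SAMPLE_THREAD_SETUP = "[PHP]\nregister_globals = On   ; legacy scripts\nallow_url_fopen = Off\n"
SAMPLE_UNSET = "[PHP]\n; nothing configured\nmemory_limit = 8M\n"

if __name__ == "__main__":
    for name, ini in (("thread setup", SAMPLE_THREAD_SETUP), ("unset", SAMPLE_UNSET)):
        for key, source, risk in audit(ini):
            print(f"{name}: {key} enabled ({source}): {risk}")
```

An unset directive is reported with source `default`, which is the case a quick look through php.ini for `On` values tends to miss.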
     