suhosin.executor.func.blacklist does not appear in phpinfo and seems not to be workin

soulshepard

soulshepard

Verified User
Joined
Feb 7, 2008
Messages
128
dear all,

i installed suhosin the patch on my server (together with mod_ruid2), i have php 5.2.17 and patched the suhosin patch 5.2.16 according to the search and replace method as named on the forum:

my version:
Code: 
cd /usr/local/directadmin/custombuild 
rm -rf php* 
./build update 
./build set clean no 
tar xzf php-5.2.17.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.16-0.9.7.patch.gz
gunzip suhosin-patch-5.2.16-0.9.7.patch.gz
mv suhosin-patch-5.2.16-0.9.7.patch suhosin-patch-5.2.17-0.9.7.patch
sed -i 's/5.2.16/5.2.17/g' suhosin-patch-5.2.17-0.9.7.patch 
patch -p0 < suhosin-patch-5.2.17-0.9.7.patch
vi build  #check for every FILE=${CWD}/php-${PHP5_VER} line and at 3 line down comment this corresponding line 
zie: http://www.directadmin.com/forum/archive/index.php/t-35646.html
./build php n
./build set clean yes

now when i look at the php -v info i see its compiled

Code: 
PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: Feb 20 2012 09:41:28)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with the ionCube PHP Loader v4.0.5, Copyright (c) 2002-2011, by ionCube Ltd.

and i have a custom template

Code: 
|?DOCROOT=`HOME`/domains/`DOMAIN`/public_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/var/tmp:/usr/local/lib/php/|
<VirtualHost |IP|:80 |MULTI_IP|>

|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
        ServerName www.|DOMAIN|
        ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
        ServerAdmin |ADMIN|
        DocumentRoot |DOCROOT|
        |CGI|

        |USECANONICALNAME|

        #SuexecUserGroup |USER| |GROUP|
        RMode config
        RUidGid |USER| |GROUP|
        RGroups apache
        |CUSTOM|
        #RDocumentChRoot /home/|USER| |DOCROOT|
        CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
        CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
        ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

        <Directory |DOCROOT|>
                Options +Includes -Indexes
        php_admin_value upload_tmp_dir "/home/|USER|/tmp"
        php_admin_value suhosin.executor.func.blacklist "system, shell_exec, exec, passthru, php_uname, popen, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid,posix_setgid, posix_uname, proc_close, proc_nice, proc_open, proc_terminate"
        php_admin_value session.save_path "/home/|USER|/tmp"
        php_admin_value soap.wsdl_cache_dir "/home/|USER|/tmp"
        php_admin_value eaccelerator.cache_dir "/home/|USER|/tmp/eaccelerator"
|*if CLI="1"|
                php_admin_flag engine |PHP|
                <IfModule !mod_php6.c>
                        php_admin_flag safe_mode |SAFE_MODE|
                </IfModule>
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
|*endif|
|*if OPEN_BASEDIR="ON"|
                php_admin_value open_basedir |OPEN_BASEDIR_PATH|
|*endif|
|*if SUPHP="1"|
                suPHP_Engine |PHP|
                suPHP_UserGroup |USER| |GROUP|
|*endif|
        </Directory>
        <Location /phpMyAdmin>
                RMode config
                RUidGid webapps webapps
                RGroups apache
        </Location>
        <Location /phpmyadmin>
                RMode config
                RUidGid webapps webapps
                RGroups apache
        </Location>
        <Location /squirrelmail>
                RMode config
                RUidGid webapps webapps
                RGroups apache
        </Location>
        <Location /roundcube>
                RMode config
                RUidGid webapps webapps
                RGroups apache
        </Location>
        <Location /uebimiau>
                RMode config
                RUidGid webapps webapps
                RGroups apache
        </Location>
        <Location /webmail>
                RMode config
                RUidGid webapps webapps
                RGroups apache
        </Location>
        <Location /atmail>
                RMode config
                RUidGid webapps webapps
                RGroups apache
        </Location>
|HANDLERS|
|MIMETYPES|

</VirtualHost>

but when i tried to test a disabled function it seems all functions were enabled!
like i add curl_init or curl_exec

further i do not see with phpinfo()
and blacklist named!!!

does anyone had or has this?

this is the first time i try to get suhosin the patch to work. as it seems it might be the best choice for using suhosin vs the module. purhaps i am better off checking the module or as i read people also use both?!
 
soulshepard said:
this is the first time i try to get suhosin the patch to work. as it seems it might be the best choice for using suhosin vs the module. purhaps i am better off checking the module or as i read people also use both?!
Click to expand...

As it was already mentioned, did you run rewriting of all VirtualHosts configs?

http://help.directadmin.com/item.php?id=2

Code: 
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
 
[solved]

thanks guys, yes i did rewrite the configs. but as this was my first steps with suhosin. i think i made the "classic" mistake. the patch is seperate from the module. this patch gives "extra" and the module give the normal things like the suhosin filter. in my assumption i thought the patch was enough ;) as i did read the site also but somehow overread it ;)

hope this will help future suhosin users ;)

thanks guys

soul
 
You must log in or register to reply here.
Back
Top