making bbPress (and WordPress) work better!

Suhosin comes back from the dead, bringing security to newest PHP versions

수호신

While everyone has been distracted admiring PHP-NG, a great PHP project has quietly come back from the dead – Suhosin!

Suhosin is a well-regarded security extension for PHP by Stefan Esser that had stopped getting updates after PHP 5.3. Perhaps it was due to more dramatic internal changes to the PHP core with 5.4 making it difficult to keep up. Linux distributions such as Debian, which had added Suhosin after seeing its value, dropped it after updates stopped. Suhosin only worked up to PHP 5.3 – until now.

Suhosin can do neat tricks like disabling eval() and the regex /e modifier in PHP, which the core of PHP cannot do by itself (or, more accurately, which the core developers refuse to address). Suhosin also has many other options to help make PHP safer to use in a shared environment or where a server might be running a great deal of third-party code (i.e. WordPress/plugins).
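As an added illustration (not from the original post or from the ini file the Suhosin project ships), here is a php.ini fragment that turns on the two features just mentioned. The directive names are Suhosin's own; the extension file name, the choice to start in simulation mode and the contents of the function blacklist are assumptions chosen for this example.

```ini
; Load the extension (assumed: built as a shared module named suhosin.so).
extension=suhosin.so

; Simulation mode: violations are logged but nothing is blocked.
; Run with this On first to find third-party code (for example
; WordPress plugins) that depends on eval() or /e, then set it to Off
; to enforce the rules below.
suhosin.simulation = On

; Refuse every call to eval().
suhosin.executor.disable_eval = On

; Refuse the /e modifier of preg_replace(), which evaluates the
; replacement string as PHP code.
suhosin.executor.disable_emodifier = On

; One of the "many other options": block selected functions outright.
; The list here is a constructed sample for a shared host, not a
; recommendation taken from the post.
suhosin.executor.func.blacklist = "exec,shell_exec,passthru,system,popen,proc_open"
```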

So, dead for years, suddenly in February 2014, Suhosin was quietly updated with this note:

From now only PHP >= 5.4 is officially supported

and then proceeded to post several fixes to make it work with not only PHP 5.5 but 5.6 alpha as well. They even added an extremely well-documented ini file with all the options.

Now there are updates as recent as June and there also appears to be another person associated with the project, Ben Fuhrmannek, so maybe fresh blood is helping to renew and keep it going. They both work at SektionEins, a computer security firm in Germany.

Compiling and running the Suhosin extension against PHP 5.6 seems to work well.

I would like to strongly encourage everyone to donate to Suhosin to keep Stefan’s interest and motivation going in this important work. His PayPal link can be found at the bottom of the Suhosin front page.

One response

  1. thanks for the heads up !

    July 24, 2014 at 5:20 am
