[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

Hello Pierre,

> About the current flaw affecting 5.3/4, PHP and suhosin had bugs, and
> will have bugs. This is not really hot news. That does not affect this
> discussion.

I know that for many years you have not understood the idea behind Suhosin, the concept of exploit mitigations.

The only reason why Suhosin exists is because there will ALWAYS be bugs. And because that is a fact you must have safe guards in case something goes wrong.
Suhosin/HPHP provides this safe guard for 8 years to the PHP community.

Ideas like: I haven't seen much bugs lately so lets drop all the safe guards is like not paying for your life insurance anymore, because you haven't died too often recently.

BTW: You should really really look into the history of PHP security and check for each of the last 8 years how many features were in Suhosin and later merged into PHP because of some nasty security problem.
You will see that at least 2 features of Suhosin per year were merged into PHP.

And there are many many good reasons, why Suhosin must be external to PHP.
The most obvious one is that the code is clearly separated, so that not someone of the hundred PHP commiters accidently breaks a safe guard.

Stefan Esser

Reply to: