Hardened-PHP


Joined: 07 Jan 2005
Posts: 10
i tracked down a problem in the unserialize function of php 4.3.10 and 5.0.3 with vbulletin on my box.

the vB support advised me to try hardened php. but the dbg.so module doesn't load with this version.
Failed loading dbg.so: dbg.so: cannot open shared object file: No such file or directory

the module name and path are correct.

is it possible to get a dbg.so for hardened php?
Site Admin

Joined: 13 Jul 2003
Posts: 8342
Check Access Rights on the file. It should be world-readable.
Also double-check the filename and path. Also make sure extension=dbg.so-4.3.10 does NOT contain the path to the file.


Joined: 07 Jan 2005
Posts: 10
it's php 4.3.9 hardened 0.26

modules are in /usr/lib/php/modules
all are 755 and owned by apache
-rwxr-xr-x 1 apache apache 102244 Dez 24 21:44 dbg.so

debugger.ini says:
[debugger]
zend_extension=dbg.so
debugger.enabled = true
debugger.profiler_enabled = true
debugger.JIT_host = clienthost
debugger.JIT_port = 7869


// edit
ok, with extension it works ... strange, coz eaccelerator loads with zend_extension .... hmm, but php_error.log:
Module compiled with module API=20020429, debug=0, thread-safety=0
PHP compiled with module API=1020041222, debug=0, thread-safety=0
These options need to match
in Unknown on line 0
Site Admin

Joined: 13 Jul 2003
Posts: 8342
zend_extension should always contain path while extension should never.
Regarding API incompatibility - you have to install the dbg.so that corresponds to your version of php. E.g. if you have php-5.0.3 you need dbg.so-5.0.3
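Added example, not part of any post in this thread: a small Python check that applies the two rules from the reply above (zend_extension carries a path, extension does not; the module and PHP build options must match) to an ini file and to the php_error.log lines. The function names and the `extension=` line in the sample ini are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
Module compiled with module API=20020429, debug=0, thread-safety=0
PHP compiled with module API=1020041222, debug=0, thread-safety=0
These options need to match
"""
# Constructed ini: the extension= line is not from the thread, it is here to show the second rule.
SAMPLE_INI = """\
[debugger]
zend_extension=dbg.so
extension=/usr/lib/php/modules/other.so
debugger.enabled = true
"""

BUILD_RE = re.compile(
    r"^(Module|PHP) compiled with module API=(\d+), "
    r"debug=(\d+), thread-safety=(\d+)", re.M)

def build_mismatches(log_text):
    """Return the build options that differ between the module and PHP."""
    builds = {}
    for who, api, debug, zts in BUILD_RE.findall(log_text):
        builds[who] = {"module API": api, "debug": debug, "thread-safety": zts}
    if "Module" not in builds or "PHP" not in builds:
        return None  # the pair of log lines was not found
    return {k: (builds["Module"][k], builds["PHP"][k])
            for k in builds["Module"] if builds["Module"][k] != builds["PHP"][k]}

def lint_ini(ini_text):
    """Flag load directives that break the path rule; returns (line, key, value, reason)."""
    problems = []
    for n, line in enumerate(ini_text.splitlines(), 1):
        line = line.split(";", 1)[0].strip()  # drop ini comments
        m = re.match(r"(zend_extension\w*|extension)\s*=\s*\"?([^\"]+?)\"?\s*$", line)
        if not m:
            continue
        key, value = m.groups()
        has_path = "/" in value or "\\" in value
        if key.startswith("zend_extension") and not has_path:
            problems.append((n, key, value, "zend_extension needs a path"))
        elif key == "extension" and has_path:
            problems.append((n, key, value, "extension must not contain a path"))
    return problems

if __name__ == "__main__":
    print(build_mismatches(SAMPLE_LOG))
    print(lint_ini(SAMPLE_INI))
```

Any non-empty result from build_mismatches means the module was built against a different PHP build than the one loading it.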


Joined: 07 Jan 2005
Posts: 10
the hardened patch changes the zend engine.
i copied the dbg.so for 4.3.9 and use php 4.3.9
Site Admin

Joined: 13 Jul 2003
Posts: 8342
If it changes module API version, it means that it also changes the API itself. So it is not safe to load dbg compiled with original API.
BTW, why did you apply the patch?


Joined: 07 Jan 2005
Posts: 10
i don't know in detail what is changed within zend.

i applied the patch due to security reasons. i cannot upgrade to 4.3.10 or 5.0.3 coz the adjusted unserialize function is much slower than before.
http://bugs.php.net/bug.php?id=31332

vbulletin uses this for its caching mechanism. for tracking this issue down i used the profiler.

4.3.9 takes 300ms for unserializing
4.3.10 takes 17s and more.

the forum gets unusable ;(

so the vbulletin support advised to try hardened php to get the same security results as php 4.3.10
http://www.hardened-php.net/
Site Admin

Joined: 13 Jul 2003
Posts: 8342
Thanks for the explanation and the links. I'll check out what happens here.


Joined: 07 Jan 2005
Posts: 10
thx again for this really good support !!!