481 lines
21 KiB
Plaintext
481 lines
21 KiB
Plaintext
$OpenBSD: patch-php_ini-production,v 1.7 2012/08/05 12:00:54 sthen Exp $
|
|
--- php.ini-production.orig.port Thu Dec 15 10:31:02 2011
|
|
+++ php.ini-production Wed Jan 18 13:57:26 2012
|
|
@@ -793,11 +793,8 @@ default_mimetype = "text/html"
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
; UNIX: "/path1:/path2"
|
|
-;include_path = ".:/php/includes"
|
|
+include_path = ".:OPENBSD_INCLUDE_PATH"
|
|
;
|
|
-; Windows: "\path1;\path2"
|
|
-;include_path = ".;c:\php\includes"
|
|
-;
|
|
; PHP's default setting for include_path is ".;/path/to/php/pear"
|
|
; http://php.net/include-path
|
|
|
|
@@ -819,6 +816,7 @@ user_dir =
|
|
; extension_dir = "./"
|
|
; On windows:
|
|
; extension_dir = "ext"
|
|
+extension_dir = "MODULES_DIR"
|
|
|
|
; Whether or not to enable the dl() function. The dl() function does NOT work
|
|
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
|
|
@@ -899,7 +897,7 @@ max_file_uploads = 20
|
|
|
|
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
|
|
; http://php.net/allow-url-fopen
|
|
-allow_url_fopen = On
|
|
+allow_url_fopen = Off
|
|
|
|
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
|
|
; http://php.net/allow-url-include
|
|
@@ -1906,6 +1904,446 @@ ldap.max_links = -1
|
|
|
|
[dba]
|
|
;dba.default_handler=
|
|
+
|
|
+[suhosin]
|
|
+
|
|
+; -----------------------------------------------------------------------------
|
|
+; Logging Options
|
|
+
|
|
+; Defines what classes of security alerts are logged to the syslog daemon.
|
|
+; Logging of errors of the class S_MEMORY are always logged to syslog, no
|
|
+; matter what this configuration says, because a corrupted heap could mean that
|
|
+; the other logging options will malfunction during the logging process.
|
|
+;suhosin.log.syslog =
|
|
+
|
|
+; Defines the syslog facility that is used when ALERTs are logged to syslog.
|
|
+;suhosin.log.syslog.facility =
|
|
+
|
|
+; Defines the syslog priority that is used when ALERTs are logged to syslog.
|
|
+;suhosin.log.syslog.priority =
|
|
+
|
|
+; Defines what classes of security alerts are logged through the SAPI error log.
|
|
+;suhosin.log.sapi =
|
|
+
|
|
+; Defines what classes of security alerts are logged through the external
|
|
+; logging.
|
|
+;suhosin.log.script =
|
|
+
|
|
+; Defines what classes of security alerts are logged through the defined PHP
|
|
+; script.
|
|
+;suhosin.log.phpscript = 0
|
|
+
|
|
+; Defines the full path to a external logging script. The script is called with
|
|
+; 2 parameters. The first one is the alert class in string notation and the
|
|
+; second parameter is the log message. This can be used for example to mail
|
|
+; failing MySQL queries to your email address, because on a production system
|
|
+; these things should never happen.
|
|
+;suhosin.log.script.name =
|
|
+
|
|
+; Defines the full path to a PHP logging script. The script is called with 2
|
|
+; variables registered in the current scope: SUHOSIN_ERRORCLASS and
|
|
+; SUHOSIN_ERROR. The first one is the alert class and the second variable is
|
|
+; the log message. This can be used for example to mail attempted remote URL
|
|
+; include attacks to your email address.
|
|
+;suhosin.log.phpscript.name =
|
|
+
|
|
+; Undocumented
|
|
+;suhosin.log.phpscript.is_safe = Off
|
|
+
|
|
+; When the Hardening-Patch logs an error the log message also contains the IP
|
|
+; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI
|
|
+; environment variable. With this switch it is possible to change this behavior
|
|
+; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary
|
|
+; when your PHP server runs behind a reverse proxy.
|
|
+;suhosin.log.use-x-forwarded-for = Off
|
|
+
|
|
+; -----------------------------------------------------------------------------
|
|
+; Executor Options
|
|
+
|
|
+; Defines the maximum stack depth allowed by the executor before it stops the
|
|
+; script. Without this function an endless recursion in a PHP script could
|
|
+; crash the PHP executor or trigger the configured memory_limit. A value of
|
|
+; "0" disables this feature.
|
|
+;suhosin.executor.max_depth = 0
|
|
+
|
|
+; Defines how many "../" an include filename needs to contain to be considered
|
|
+; an attack and stopped. A value of "2" will block "../../etc/passwd", while a
|
|
+; value of "3" will allow it. Most PHP applications should work flawlessly with
|
|
+; values "4" or "5". A value of "0" disables this feature.
|
|
+;suhosin.executor.include.max_traversal = 0
|
|
+
|
|
+; Comma separated whitelist of URL schemes that are allowed to be included from
|
|
+; include or require statements. Additionally to URL schemes it is possible to
|
|
+; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
|
|
+; specified, then the blacklist is evaluated.
|
|
+;suhosin.executor.include.whitelist =
|
|
+
|
|
+; Comma separated blacklist of URL schemes that are not allowed to be included
|
|
+; from include or require statements. Additionally to URL schemes it is
|
|
+; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no
|
|
+; blacklist and no whitelist is specified all URL schemes are forbidden.
|
|
+;suhosin.executor.include.blacklist =
|
|
+
|
|
+; Defines if PHP is allows to run code from files that are writable by the
|
|
+; current process. If a file is created or modified by a PHP process, there
|
|
+; is a potential danger of code injection. Only turn this on if you are sure
|
|
+; that your application does not require writable PHP files.
|
|
+;suhosin.executor.include.allow_writable_files = On
|
|
+
|
|
+; Comma separated whitelist of functions that are allowed to be called. If the
|
|
+; whitelist is empty the blacklist is evaluated, otherwise calling a function
|
|
+; not in the whitelist will terminate the script and get logged.
|
|
+;suhosin.executor.func.whitelist =
|
|
+
|
|
+; Comma separated blacklist of functions that are not allowed to be called. If
|
|
+; no whitelist is given, calling a function within the blacklist will terminate
|
|
+; the script and get logged.
|
|
+;suhosin.executor.func.blacklist =
|
|
+
|
|
+; Comma separated whitelist of functions that are allowed to be called from
|
|
+; within eval(). If the whitelist is empty the blacklist is evaluated,
|
|
+; otherwise calling a function not in the whitelist will terminate the script
|
|
+; and get logged.
|
|
+;suhosin.executor.eval.whitelist =
|
|
+
|
|
+; Comma separated blacklist of functions that are not allowed to be called from
|
|
+; within eval(). If no whitelist is given, calling a function within the
|
|
+; blacklist will terminate the script and get logged.
|
|
+;suhosin.executor.eval.blacklist =
|
|
+
|
|
+; eval() is a very dangerous statement and therefore you might want to disable
|
|
+; it completely. Deactivating it will however break lots of scripts. Because
|
|
+; every violation is logged, this allows finding all places where eval() is
|
|
+; used.
|
|
+;suhosin.executor.disable_eval = Off
|
|
+
|
|
+; The /e modifier inside preg_replace() allows code execution. Often it is the
|
|
+; cause for remote code execution exploits. It is wise to deactivate this
|
|
+; feature and test where in the application it is used. The developer using the
|
|
+; /e modifier should be made aware that he should use preg_replace_callback()
|
|
+; instead.
|
|
+;suhosin.executor.disable_emodifier = Off
|
|
+
|
|
+; This flag reactivates symlink() when open_basedir is used, which is disabled
|
|
+; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used
|
|
+; is actually a security risk.
|
|
+;suhosin.executor.allow_symlink = Off
|
|
+
|
|
+; -----------------------------------------------------------------------------
|
|
+; Misc Options
|
|
+
|
|
+; If you fear that Suhosin breaks your application, you can activate Suhosin's
|
|
+; simulation mode with this flag. When Suhosin runs in simulation mode,
|
|
+; violations are logged as usual, but nothing is blocked or removed from the
|
|
+; request. (Transparent features are NOT deactivated in simulation mode.)
|
|
+; (since v0.9.30 affects (dis)allowed functions)
|
|
+;suhosin.simulation = Off
|
|
+
|
|
+; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
|
|
+; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
|
|
+; will overwrite the information Suhosin stores in this slot. When this flag is
|
|
+; set Suhosin will request 2 Slots and use the second one. This allows working
|
|
+; correctly with these buggy APC versions.
|
|
+;suhosin.apc_bug_workaround = Off
|
|
+
|
|
+; When a SQL Query fails scripts often spit out a bunch of useful information
|
|
+; for possible attackers. When this configuration directive is turned on, the
|
|
+; script will silently terminate, after the problem has been logged. (This is
|
|
+; not yet supported)
|
|
+;suhosin.sql.bailout_on_error = Off
|
|
+
|
|
+; This is an experimental feature for shared environments. With this
|
|
+; configuration option it is possible to specify a prefix that is automatically
|
|
+; prepended to the database username, whenever a database connection is made.
|
|
+; (Unless the username starts with the prefix)
|
|
+;suhosin.sql.user_prefix =
|
|
+
|
|
+; This is an experimental feature for shared environments. With this
|
|
+; configuration option it is possible to specify a postfix that is
|
|
+; automatically appended to the database username, whenever a database
|
|
+; connection is made. (Unless the username end with the postfix)
|
|
+;
|
|
+; With this feature it is possible for shared hosters to disallow customers to
|
|
+; connect with the usernames of other customers. This feature is experimental,
|
|
+; because support for PDO and PostgreSQL are not yet implemented.
|
|
+;suhosin.sql.user_postfix =
|
|
+
|
|
+; This directive controls if multiple headers are allowed or not in a header()
|
|
+; call. By default the Hardening-Patch forbids this. (HTTP headers spanning
|
|
+; multiple lines are still allowed).
|
|
+;suhosin.multiheader = Off
|
|
+
|
|
+; This directive controls if the mail() header protection is activated or not
|
|
+; and to what degree it is activated. The appended table lists the possible
|
|
+; activation levels.
|
|
+suhosin.mail.protect = 1
|
|
+
|
|
+; As long scripts are not running within safe_mode they are free to change the
|
|
+; memory_limit to whatever value they want. Suhosin changes this fact and
|
|
+; disallows setting the memory_limit to a value greater than the one the script
|
|
+; started with, when this option is left at 0. A value greater than 0 means
|
|
+; that Suhosin will disallows scripts setting the memory_limit to a value above
|
|
+; this configured hard limit. This is for example usefull if you want to run
|
|
+; the script normaly with a limit of 16M but image processing scripts may raise
|
|
+; it to 20M.
|
|
+;suhosin.memory_limit = 0
|
|
+
|
|
+; -----------------------------------------------------------------------------
|
|
+; Transparent Encryption Options
|
|
+
|
|
+; Flag that decides if the transparent session encryption is activated or not.
|
|
+;suhosin.session.encrypt = On
|
|
+
|
|
+; Session data can be encrypted transparently. The encryption key used consists
|
|
+; of this user defined string (which can be altered by a script via ini_set())
|
|
+; and optionally the User-Agent, the Document-Root and 0-4 Octects of the
|
|
+; REMOTE_ADDR.
|
|
+;suhosin.session.cryptkey =
|
|
+
|
|
+; Flag that decides if the transparent session encryption key depends on the
|
|
+; User-Agent field. (When activated this feature transparently adds a little
|
|
+; bit protection against session fixation/hijacking attacks)
|
|
+;suhosin.session.cryptua = On
|
|
+
|
|
+; Flag that decides if the transparent session encryption key depends on the
|
|
+; Documentroot field.
|
|
+;suhosin.session.cryptdocroot = On
|
|
+
|
|
+; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
|
|
+; encryption key depends on. Keep in mind that this should not be used on sites
|
|
+; that have visitors from big ISPs, because their IP address often changes
|
|
+; during a session. But this feature might be interesting for admin interfaces
|
|
+; or intranets. When used wisely this is a transparent protection against
|
|
+; session hijacking/fixation.
|
|
+;suhosin.session.cryptraddr = 0
|
|
+
|
|
+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
|
|
+; session. The difference to suhosin.session.cryptaddr is, that the IP is not
|
|
+; part of the encryption key, so that the same session can be used for
|
|
+; different areas with different protection levels on the site.
|
|
+;suhosin.session.checkraddr = 0
|
|
+
|
|
+; Flag that decides if the transparent cookie encryption is activated or not.
|
|
+;suhosin.cookie.encrypt = 0
|
|
+
|
|
+; Cookies can be encrypted transparently. The encryption key used consists of
|
|
+; this user defined string and optionally the User-Agent, the Document-Root and
|
|
+; 0-4 Octects of the REMOTE_ADDR.
|
|
+;suhosin.cookie.cryptkey =
|
|
+
|
|
+; Flag that decides if the transparent session encryption key depends on the
|
|
+; User-Agent field. (When activated this feature transparently adds a little
|
|
+; bit protection against session fixation/hijacking attacks (if only session
|
|
+; cookies are allowed))
|
|
+;suhosin.cookie.cryptua = On
|
|
+
|
|
+; Flag that decides if the transparent cookie encryption key depends on the
|
|
+; Documentroot field.
|
|
+;suhosin.cookie.cryptdocroot = On
|
|
+
|
|
+; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie
|
|
+; encryption key depends on. Keep in mind that this should not be used on sites
|
|
+; that have visitors from big ISPs, because their IP address often changes
|
|
+; during a session. But this feature might be interesting for admin interfaces
|
|
+; or intranets. When used wisely this is a transparent protection against
|
|
+; session hijacking/fixation.
|
|
+;suhosin.cookie.cryptraddr = 0
|
|
+
|
|
+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
|
|
+; cookie. The difference to suhosin.cookie.cryptaddr is, that the IP is not
|
|
+; part of the encryption key, so that the same cookie can be used for different
|
|
+; areas with different protection levels on the site.
|
|
+;suhosin.cookie.checkraddr = 0
|
|
+
|
|
+; In case not all cookies are supposed to get encrypted this is a comma
|
|
+; separated list of cookie names that should get encrypted. All other cookies
|
|
+; will not get touched.
|
|
+;suhosin.cookie.cryptlist =
|
|
+
|
|
+; In case some cookies should not be crypted this is a comma separated list of
|
|
+; cookies that do not get encrypted. All other cookies will be encrypted.
|
|
+;suhosin.cookie.plainlist =
|
|
+
|
|
+; -----------------------------------------------------------------------------
|
|
+; Filtering Options
|
|
+
|
|
+; Defines the reaction of Suhosin on a filter violation.
|
|
+;suhosin.filter.action =
|
|
+
|
|
+; Defines the maximum depth an array variable may have, when registered through
|
|
+; the COOKIE.
|
|
+;suhosin.cookie.max_array_depth = 50
|
|
+
|
|
+; Defines the maximum length of array indices for variables registered through
|
|
+; the COOKIE.
|
|
+;suhosin.cookie.max_array_index_length = 64
|
|
+
|
|
+; Defines the maximum length of variable names for variables registered through
|
|
+; the COOKIE. For array variables this is the name in front of the indices.
|
|
+;suhosin.cookie.max_name_length = 64
|
|
+
|
|
+; Defines the maximum length of the total variable name when registered through
|
|
+; the COOKIE. For array variables this includes all indices.
|
|
+;suhosin.cookie.max_totalname_length = 256
|
|
+
|
|
+; Defines the maximum length of a variable that is registered through the
|
|
+; COOKIE.
|
|
+;suhosin.cookie.max_value_length = 10000
|
|
+
|
|
+; Defines the maximum number of variables that may be registered through the
|
|
+; COOKIE.
|
|
+;suhosin.cookie.max_vars = 100
|
|
+
|
|
+; When set to On ASCIIZ chars are not allowed in variables.
|
|
+;suhosin.cookie.disallow_nul = 1
|
|
+
|
|
+; Defines the maximum depth an array variable may have, when registered through
|
|
+; the URL
|
|
+;suhosin.get.max_array_depth = 50
|
|
+
|
|
+; Defines the maximum length of array indices for variables registered through
|
|
+; the URL
|
|
+;suhosin.get.max_array_index_length = 64
|
|
+
|
|
+; Defines the maximum length of variable names for variables registered through
|
|
+; the URL. For array variables this is the name in front of the indices.
|
|
+;suhosin.get.max_name_length = 64
|
|
+
|
|
+; Defines the maximum length of the total variable name when registered through
|
|
+; the URL. For array variables this includes all indices.
|
|
+;suhosin.get.max_totalname_length = 256
|
|
+
|
|
+; Defines the maximum length of a variable that is registered through the URL.
|
|
+;suhosin.get.max_value_length = 512
|
|
+
|
|
+; Defines the maximum number of variables that may be registered through the
|
|
+; URL.
|
|
+;suhosin.get.max_vars = 100
|
|
+
|
|
+; When set to On ASCIIZ chars are not allowed in variables.
|
|
+;suhosin.get.disallow_nul = 1
|
|
+
|
|
+; Defines the maximum depth an array variable may have, when registered through
|
|
+; a POST request.
|
|
+;suhosin.post.max_array_depth = 50
|
|
+
|
|
+; Defines the maximum length of array indices for variables registered through
|
|
+; a POST request.
|
|
+;suhosin.post.max_array_index_length = 64
|
|
+
|
|
+; Defines the maximum length of variable names for variables registered through
|
|
+; a POST request. For array variables this is the name in front of the indices.
|
|
+;suhosin.post.max_name_length = 64
|
|
+
|
|
+; Defines the maximum length of the total variable name when registered through
|
|
+; a POST request. For array variables this includes all indices.
|
|
+;suhosin.post.max_totalname_length = 256
|
|
+
|
|
+; Defines the maximum length of a variable that is registered through a POST
|
|
+; request.
|
|
+;suhosin.post.max_value_length = 1000000
|
|
+
|
|
+; Defines the maximum number of variables that may be registered through a POST
|
|
+; request.
|
|
+;suhosin.post.max_vars = 1000
|
|
+
|
|
+; When set to On ASCIIZ chars are not allowed in variables.
|
|
+;suhosin.post.disallow_nul = 1
|
|
+
|
|
+; Defines the maximum depth an array variable may have, when registered through
|
|
+; GET , POST or COOKIE. This setting is also an upper limit for the separate
|
|
+; GET, POST, COOKIE configuration directives.
|
|
+;suhosin.request.max_array_depth = 50
|
|
+
|
|
+; Defines the maximum length of array indices for variables registered through
|
|
+; GET, POST or COOKIE. This setting is also an upper limit for the separate
|
|
+; GET, POST, COOKIE configuration directives.
|
|
+;suhosin.request.max_array_index_length = 64
|
|
+
|
|
+; Defines the maximum length of variable names for variables registered through
|
|
+; the COOKIE, the URL or through a POST request. This is the complete name
|
|
+; string, including all indicies. This setting is also an upper limit for the
|
|
+; separate GET, POST, COOKIE configuration directives.
|
|
+;suhosin.request.max_totalname_length = 256
|
|
+
|
|
+; Defines the maximum length of a variable that is registered through the
|
|
+; COOKIE, the URL or through a POST request. This setting is also an upper
|
|
+; limit for the variable origin specific configuration directives.
|
|
+;suhosin.request.max_value_length = 1000000
|
|
+
|
|
+; Defines the maximum number of variables that may be registered through the
|
|
+; COOKIE, the URL or through a POST request. This setting is also an upper
|
|
+; limit for the variable origin specific configuration directives.
|
|
+;suhosin.request.max_vars = 1000
|
|
+
|
|
+; Defines the maximum name length (excluding possible array indicies) of
|
|
+; variables that may be registered through the COOKIE, the URL or through a
|
|
+; POST request. This setting is also an upper limit for the variable origin
|
|
+; specific configuration directives.
|
|
+;suhosin.request.max_varname_length = 64
|
|
+
|
|
+; When set to On ASCIIZ chars are not allowed in variables.
|
|
+;suhosin.request.disallow_nul = 1
|
|
+
|
|
+; When set to On the dangerous characters <>"'` are urlencoded when found
|
|
+; not encoded in the server variables REQUEST_URI and QUERY_STRING. This
|
|
+; will protect against some XSS vulnerabilities.
|
|
+;suhosin.server.encode = 1
|
|
+
|
|
+; When set to On the dangerous characters <>"'` are replaced with ? in
|
|
+; the server variables PHP_SELF, PATH_TRANSLATED and PATH_INFO. This will
|
|
+; protect against some XSS vulnerabilities.
|
|
+;suhosin.server.strip = 1
|
|
+
|
|
+; Defines the maximum number of files that may be uploaded with one request.
|
|
+;suhosin.upload.max_uploads = 25
|
|
+
|
|
+; When set to On it is not possible to upload ELF executables.
|
|
+;suhosin.upload.disallow_elf = 1
|
|
+
|
|
+; When set to On it is not possible to upload binary files.
|
|
+;suhosin.upload.disallow_binary = 0
|
|
+
|
|
+; When set to On binary content is removed from the uploaded files.
|
|
+;suhosin.upload.remove_binary = 0
|
|
+
|
|
+; This defines the full path to a verification script for uploaded files. The
|
|
+; script gets the temporary filename supplied and has to decide if the upload
|
|
+; is allowed. A possible application for this is to scan uploaded files for
|
|
+; viruses. The called script has to write a 1 as first line to standard output
|
|
+; to allow the upload. Any other value or no output at all will result in the
|
|
+; file being deleted.
|
|
+;suhosin.upload.verification_script =
|
|
+
|
|
+; Specifies the maximum length of the session identifier that is allowed. When
|
|
+; a longer session identifier is passed a new session identifier will be
|
|
+; created. This feature is important to fight bufferoverflows in 3rd party
|
|
+; session handlers.
|
|
+;suhosin.session.max_id_length = 128
|
|
+
|
|
+; Undocumented: Controls if suhosin coredumps when the optional suhosin patch
|
|
+; detects a bufferoverflow, memory corruption or double free. This is only
|
|
+; for debugging purposes and should not be activated.
|
|
+;suhosin.coredump = Off
|
|
+
|
|
+; Undocumented: Controls if the encryption keys specified by the configuration
|
|
+; are shown in the phpinfo() output or if they are hidden from it
|
|
+;suhosin.protectkey = 1
|
|
+
|
|
+; Controls if suhosin loads in stealth mode when it is not the only
|
|
+; zend_extension (Required for full compatibility with certain encoders
|
|
+; that consider open source untrusted. e.g. ionCube, Zend)
|
|
+;suhosin.stealth = 1
|
|
+
|
|
+; Controls if suhosin's ini directives are changeable per directory
|
|
+; because the admin might want to allow some features to be controlable
|
|
+; by .htaccess and some not. For example the logging capabilities can
|
|
+; break safemode and open_basedir restrictions when .htaccess support is
|
|
+; allowed and the admin forgot to fix their values in httpd.conf
|
|
+; An empty value or a 0 will result in all directives not allowed in
|
|
+; .htaccess. The string "legcprsum" will allow logging, execution, get,
|
|
+; post, cookie, request, sql, upload, misc features in .htaccess
|
|
+;suhosin.perdir = "0"
|
|
|
|
[xsl]
|
|
; Write operations from within XSLT are disabled by default.
|