[Bug 315507] Re: Unable to remove Suhosin patch

cyco ubuntu at cyconet.org
Sun Feb 1 17:23:48 GMT 2009


Speaking as Debian Maintainer of the source package php-suhosin, I think you didn't understand what the package "php5-suhosin" stands for.
If you have a look at the upstream homepage[1], you can read the following at the beginning of the page:

"Suhosin comes in two independent parts, that can be used separately or
in combination. The first part is a small patch against the PHP core,
that implements a few low-level protections against bufferoverflows or
format string vulnerabilities and the second part is a powerful PHP
extension that implements all the other protections."

So we are talking about 2 different things ... php5-suhosin isn't the equivalent of php5 with the suhosin patch; it is the package which ships the suhosin (module) extension for PHP.
php5 is patched by default with the suhosin patch by the Debian PHP Maintainers, but this shouldn't harm you, because it just provides logging functions, see [2].

If you want to get rid of the suhosin stuff you have several options.
Removing php5-suhosin is the most radical option. But you can also force
suhosin into simulation mode[3], which can be set globally in PHP or locally
(for example in a vhost).

Thanks for your attention, Jan.

[1] http://www.hardened-php.net/suhosin/ 
[2] http://www.hardened-php.net/suhosin/configuration.html
[3] http://www.hardened-php.net/suhosin/faq.html#will_my_application_break_because_suhosin_is_too_restrictive

-- 
Unable to remove Suhosin patch
https://bugs.launchpad.net/bugs/315507
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.


