author Alex Dupre <ale@FreeBSD.org> 2006-10-16 09:30:58 +0000
committer Alex Dupre <ale@FreeBSD.org> 2006-10-16 09:30:58 +0000
commit d754180768ceb88d6503eb611b91f8153d84da04
tree 194f945e56fcc78457c3972839630e2725b992a3 /lang/php4/files/patch-php.ini-recommended
parent - follow devel/libticalcs 4.6.1 library version
- fix open_basedir vulnerability in php4 and php5 [1]
- add an alert on safe_mode intrinsic insecurity and suggest to install the suhosin extension
- enable the suhosin patch by default also in php4

Submitted by: Thomas Vogt <thomas@bsdunix.ch> [1]
Obtained from: PHP CVS [1]
Approved by: portmgr (clement)
Notes: svn path=/head/; revision=175349
Diffstat (limited to 'lang/php4/files/patch-php.ini-recommended')
-rw-r--r-- lang/php4/files/patch-php.ini-recommended | 18
1 files changed, 18 insertions, 0 deletions
diff --git a/lang/php4/files/patch-php.ini-recommended b/lang/php4/files/patch-php.ini-recommended
new file mode 100644
index 000000000000..a2baecd55e4f
--- /dev/null
+++ b/lang/php4/files/patch-php.ini-recommended
@@ -0,0 +1,18 @@
+--- php.ini-recommended.orig Fri Dec 30 18:19:43 2005
++++ php.ini-recommended Mon Oct 16 08:13:05 2006
+@@ -169,6 +169,15 @@
+ ;
+ ; Safe Mode
+ ;
++; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
++; the PHP Safe Mode feature not be relied upon for security, since the
++; issues Safe Mode tries to handle cannot properly be handled in PHP
++; (primarily due to PHP's use of external libraries). While many bugs
++; in Safe Mode has been fixed it's very likely that more issues exist
++; which allows a user to bypass Safe Mode restrictions.
++; For increased security we recommend to always install the Suhosin
++; extension.
++;
+ safe_mode = Off
+
+ ; By default, Safe Mode does a UID compare check when
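Review bot: The closing sentence of the added SECURITY NOTE ("we recommend to always install the Suhosin extension") gives an administrator nothing to act on, and it does not say how the extension relates to the Suhosin patch that the commit message says is now enabled by default in php4. State which of the two the port already provides and which has to be installed separately. The note also needs agreement fixes, since it ends up in every installed php.ini-recommended: "strongly recommend" should be "strongly recommends", "many bugs in Safe Mode has been fixed" should be "have been fixed", and "more issues exist which allows" should be "which allow". Because the text sits directly above "safe_mode = Off", one more sentence saying whether Off is the setting the note intends would remove any doubt for a reader who takes the warning as a reason to change it.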