does anyone know the steps to recompile PHP with Suhosin after installing directadmin?
can you help please?

For PHP 5.2.13:


cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
cd php-5.2.13
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yesPHP 5.3.2:


cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.3.2.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.3.2-0.9.9.1.patch.gz
gunzip suhosin-patch-5.3.2-0.9.9.1.patch.gz
patch -p0 < suhosin-patch-5.3.2-0.9.9.1.patch
cd php-5.3.2
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes
Restart apache using the following command on FreeBSD systems (instead of /etc/init.d/httpd restart):
/usr/local/etc/rc.d/httpd restartAlternative way:
Do the same to the "patch -p0 < ....." line, then open "build" file, find:


FILE=${CWD}/php-${PHP5_VER}.tar.gz
checkFile ${FILE}
echo "Extracting ...";
tar xzf ${FILE}
Replace with (comment tar line out):


FILE=${CWD}/php-${PHP5_VER}.tar.gz
checkFile ${FILE}
echo "Extracting ...";
#tar xzf ${FILE}
Save the file and run "./build php n".

first I got this error when i try :
tar xzf php-5.3.2.tar.gz



i get this error:

# tar xzf php-5.3.2.tar.gz
tar: php-5.3.2.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors


so i edited options.conf and changed php to 5.3

but then i got this question when i typed :
gunzip suhosin-patch-5.3.2-0.9.9.1.patch.gz


File to patch: /usr/local/lib/php.ini
patching file /usr/local/lib/php.ini
Hunk #1 FAILED at 60.
Hunk #2 FAILED at 92.
2 out of 2 hunks FAILED -- saving rejects to file /usr/local/lib/php.ini.rej
can't find file to patch at input line 141
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.3.2RC3/Zend/zend.h suhosin-patch-5.3.2-0.9.9.1/Zend/zend.h
|--- php-5.3.2RC3/Zend/zend.h 2010-02-03 21:44:43.000000000 +0100
|+++ suhosin-patch-5.3.2-0.9.9.1/Zend/zend.h 2010-03-04 11:51:11.000000000 +0100
File to patch:


no idea? so what do you think is next?

i formatted the server and started all over . then i used PHP 5.2.13 , when i was done i checked csf and i still have the message saying :
You should recompile PHP with Suhosin to add greater security to PHP

and i typed php -v i got this :
PHP 5.2.13 (cli) (built: Mar 14 2010 04:08:21)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies


any Idea?

Hi, I try


cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
./build php n
./build set clean yes

And suhosin is not installed.
No error message

Ok, I follow this :


cd /usr/local/
wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.18.tgz
tar -zxvf suhosin-0.9.18.tgz
cd suhosin-0.9.18
phpize

(if needed : yum install autoconf )


./configure
make
make test
make install
ls –lah /usr/local/lib/php/extensions//no-debug-non-zts-20060613/
cp /usr/local/lib/php/extensions//no-debug-non-zts-20060613/suhosin.so /usr/lib64/php

Modify PHP.INI

Write :
extension_dir = /usr/lib64/php

In Dynamic Extensions ;
Write
extension=suhosin.so

Now :

php -v
PHP 5.2.13 (cli) (built: Mar 17 2010 09:41:38)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project

:D

I hope it can help you !!
(note it is the first time I can help someone :) )

pppplus, it's a suhosin extension, not patch.

oups, not seen that ... :rolleyes:

I've updated my how-to post :) PHP package was extracted second time by the CustomBuild script, so the patched files were overwritten with "./build php n". There should be no problems now. Good luck!

hi, im having a problem with your guide...


[14:09:13] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>`../build used_configs | grep PHP5 | cut -d: -f2`
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
/usr/local/directadmin/custombuild/configure/ap2/configure.php5: line 3: ./configure: No such file or directory
[14:09:19] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>ls
[14:09:32] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>cd ..

Has you can see the build give error, ive tryed without ' aswell


[14:11:11] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>../build used_configs | grep PHP5 | cut -d: -f2
/usr/local/directadmin/custombuild/configure/ap2/configure.php5
[14:11:24] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>ls
[14:11:26] root@Psycho.CrazyNetwork.it [/usr/local/directadmin/custombuild/php-5.2.13]
>make
make: getcwd: No such file or directory
make: *** No targets specified and no makefile found. Stop.


Seems that the build command clean the directory after configure (probably is a custombuild option)

What i should do for dont clean the directory after configure and why if is a security patch has not been implemented has option in custombuild system?

thanks

Make sure you execute "./build set clean no" after "./build update".

hehe exact what i was thinkin.. thanks for add in your tutorial...

now i come up with a new error :)


checking for MySQL UNIX socket location... /var/tmp/mysql.sock
configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!


during compiling, of course im not able to make ^^

for who interested, for php4.4.9 the file to download is

http://download.suhosin.org/suhosin-patch-4.4.9-0.9.6.patch.gz

the rest of the command (gunzip and patch exlcuded) are the same

worked perfectly thank you.

I did make test..


=====================================================================
EXPECTED FAILED TEST SUMMARY
---------------------------------------------------------------------
output buffering - fatalism [tests/output/ob_011.phpt]
ob_start(): Ensure unerasable buffer cannot be flushed by ob_flush() [tests/outp ut/ob_start_basic_unerasable_005.phpt]
SPL: ArrayObject::exchangeArray() basic usage with object as underlying data sto re. [ext/spl/tests/arrayObject_exchangeArray_basic3.phpt]
=====================================================================

but installed it anyway

error when trying in php 5.3

[root@server custombuild]# patch -p0 < suhosin-patch-5.3.2-0.9.9.1.patch
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.3.2RC3/Zend/Makefile.am suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am
|--- php-5.3.2RC3/Zend/Makefile.am 2009-03-18 11:18:10.000000000 +0100
|+++ suhosin-patch-5.3.2-0.9.9.1/Zend/Makefile.am 2010-03-03 20:19:19.000000000 +0100
--------------------------
File to patch:

congratulations for the excellent article.
worked perfectly.
Thank you.

Bruno
www.sempihost.com.br

congratulations for the excellent article.
worked perfectly.
Thank you.

Bruno
www.sempihost.com.br
joining the congratz, although CSF still doesn't recognizes the installation (I have both the patch and the extension installed).

hi,

i run this commands, but not appears how installed.


cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
cd php-5.2.13
`../build used_configs | grep PHP5 | cut -d: -f2`
make
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes

for PHP 5.2.14 the suhosin patch is this

http://download.suhosin.org/suhosin-patch-5.2.14-0.9.7.patch.gz

the command line stay the same except ofc for filenames

It's work fine for me. Thank you a lot

I have a question why after recompile php I check server security from csf it still show " WARNING You should recompile PHP with Suhosin to add greater security to PHP"

Any Idea ?

i had the same problem and i had to install suhosin extension aswell

Yes I installed suhosin extension but the same result on csf

recompile php with suhosin is not the same of add suhosin extension in php.

Btw, try restart csf and lfd if you have both installed (extension and patch)

recompile php with suhosin is not the same of add suhosin extension in php.

Btw, try restart csf and lfd if you have both installed (extension and patch)

I did its both and restart csf and lfd but the same result. I view my phpinfo it's ok with both patch and addon. :confused:

is csf up 2 date?
strange this error

My csf is 5.0.9 it show warning but I can use ALL suhosin feature it's very great I can custom disable_function for each domain.

http://forum.configserver.com/viewtopic.php?t=3385

Since suhosin does work, I wouldn't worry about it.

We are using suhosin too, works great!
We are using this for suhosin
; suhosin
suhosin.session.encrypt = Off
suhosin.executor.func.blacklist = "exec,system,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source"
suhosin.post.max_vars = 4096
suhosin.request.max_vars = 4096And if somebody needs a function enabled (almost nobody) then we can overrule this with the HTTPd Custom Configuration at DirecetAdmin for the each domain.

Hello everyone,

I am running FreeBSD 7.3, Apache 2.2.16, Php 5.2.14 and MySQL 5.0.91. I followed smtalk's directions for PHP 5.2.13 (using 5.2.14 Suhosin patch). Everything works fine up to the point I enter:


`../build used_configs | grep PHP5 | cut -d: -f2`

I get the same error that SeLLeRoNe had in post #12:


configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!

I haven't used custombuild before (which is GREAT by the way - thank you smtalk!!!) - I'm sure it is a "simple" issue that I am unfamiliar with. Does anyone have a suggestion that might resolve this?

Thank you for any assistance you can provide - it's certainly appreciated!

*** I just realized that this was the CentOS thread - my apologies if I should have started a new FreeBSD only thread!

I just tried smtalk's alternative method and it appears Suhosin compiled correctly :).

To me too.

Should we set build clean to yes afterwards??

Anyone cares to answer? :p

is not so important... you can enable it back but remember to disable everytime you have to recompile php and to always apply those change to recompile with suhosin.

regards

I thought so..

any way to set custombuild so it would compile it automaticly like this when doing a ./build update_versions?

no, cause if there will be a new version of php custombuild will download the latest version so you will need to patch it (with the proper suhosin patch for that php version)

i use to do ./build version for see what new there is to update and, if a new php version is present, i use to check on suhosin website if there is already the correct patch, if not, i use to wait till the new patch come out before update php.

Regards

Hello,
I have followed the instructions to install suhosin in PHP and CSF still hasn't detected it, any ideas how to fix?

Thanks

Sorry output for,

php -v
PHP 5.2.16 with Suhosin-Patch 0.9.7 (cli) (built: Jan 6 2011 01:21:04)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

Hello,
I have PHP 5.2.17 and in the suhosin page only 5.2.16 is available and after that just for 5.3 php.

Can i install other suhosin version in current PHP version or do i need to update PHP in order to install it?

Thanks

i suggest you to wait till suhosin release the version for your php version, or, use update.script (search on this forum) and install suhosin as extension.

regards

Will do that.
Thanks

I did everything how it's written but "make" gives me " *** No targets specified and no makefile found. stop. " I run Debian 5 with php5.2.14 and did:


cd /usr/local/directadmin/custombuild
./build update
./build set clean no
tar xzf php-5.2.14.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.14-0.9.7.patch.gz
gunzip suhosin-patch-5.2.14-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.14-0.9.7.patch
cd php-5.2.14
`../build used_configs | grep PHP5 | cut -d: -f2`
make (THIS ISN't WORKING)
make install
/etc/init.d/httpd restart
cd ..
./build set clean yes


Why make gives this error?

try this:


cd /usr/local/directadmin/custombuild
rm -rf php*
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
nano build
check for every FILE=${CWD}/php-${PHP5_VER} line and at 3 line down comment this corresponding line
#tar xzf ${FILE}
save and exit and run
./build php n
/etc/init.d/httpd restart
./build set clean yes

Regards

I have a question. What about "mail-header.patch" do I have to patch it before or after suhosin patch ?

patch -p0 < php-5.2.xx-mail-header.patch

as far as i remember custombuild script patch php directly while compiling (after suhosin modification aswell)

all the info in here works great with cli but when it comes to cgi, it does not work and that`s because cgi in install in php5 folder vs cli who is installed in php folder. so the commands have to be modified to look for php.ini in php5

try this:


cd /usr/local/directadmin/custombuild
rm -rf php*
./build update
./build set clean no
tar xzf php-5.2.13.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.13-0.9.7.patch.gz
gunzip suhosin-patch-5.2.13-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.13-0.9.7.patch
nano build
check for every FILE=${CWD}/php-${PHP5_VER} line and at 3 line down comment this corresponding line
#tar xzf ${FILE}
save and exit and run
./build php n
/etc/init.d/httpd restart
./build set clean yesRegards

Thanks SeLLeRoNe, I tried previous posts and it all failed, yours with some updating (versions) worked.

I needed to add exif to my php so I needed to recompile php, but suhosin is not available for the latest php version so I needed to use custombuild with an older version of php.

Here's what I did, hopefully it will help others;


cd /usr/local/directadmin/custombuild
rm -rf php*
rm -rf suh*
./build update
./build set clean no
nano versions.txt
change the php5:5.2.17 line to
php5:5.2.16:68f2c92b5b33d131b1ea70ece9fc40ad
./build update_data
tar xzf php-5.2.16.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.16-0.9.7.patch.gz
gunzip suhosin-patch-5.2.16-0.9.7.patch.gz
patch -p0 < suhosin-patch-5.2.16-0.9.7.patch
nano build
check for every FILE=${CWD}/php-${PHP5_VER} line and at 3 line down comment this corresponding line
#tar xzf ${FILE}
save and exit
nano configure/suphp/configure.php5
add a \ to last line
add on the new line
"--enable-exif"
save and exit and run
./build php n
./build set clean yes
As you can see I changed the versions.txt to get the previous version of 5.2.16 instead of the current 5.2.17
It would be good if custombuild can have the option to overide the version instead of having to hack the code.
but either way, I'm no expert and I got it going so, thank you to SeLLeRoNe and smtalk.

So is there any new and better and easier way to get suhosin to work ? the info above did not work for me.

For anyone interested in compiling PHP 5.2.17 with Suhosin patch 0.9.7 - I was able to do so using the following steps to create a "new" patch - followed by smtalk's instructions (second post in this thread):

1.) Download the Suhosin patch for PHP 5.2.16 (suhosin-patch-5.2.16-0.9.7.patch.gz)

2.) Gunzip (extract) to suhosin-patch-5.2.16-0.9.7.patch

3.) Rename the patch to suhosin-patch-5.2.17-0.9.7.patch (e.g. for PHP 5.2.17)

4.) Open the patch in a text editor and replace all instances of "5.2.16" with "5.2.17" (I used MetaPad on Windows 7) - completed in a few seconds.

5.) At this point - follow smtalk's instructions for patching PHP by downloading a new copy of php-5.2.17.tar.gz from the DA file repository.

An example of the changes you will see:


diff -Nura php-5.2.16/TSRM/TSRM.h suhosin-patch-5.2.16-0.9.7/TSRM/TSRM.h
--- php-5.2.16/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
+++ suhosin-patch-5.2.16-0.9.7/TSRM/TSRM.h 2010-12-30 16:48:25.000000000 +0100

Becomes:


diff -Nura php-5.2.17/TSRM/TSRM.h suhosin-patch-5.2.17-0.9.7/TSRM/TSRM.h
--- php-5.2.17/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
+++ suhosin-patch-5.2.17-0.9.7/TSRM/TSRM.h 2010-12-30 16:48:25.000000000 +0100

I had some spare time on my hands so I did a full text comparison of the source files for PHP 5.2.16 vs 5.2.17 - as compared to the changes made by the Suhosin patch for PHP 5.2.16. None of the files that Suhosin 0.9.7 alters appear to have changed with PHP 5.2.17.

*** IMPORTANT ***

While this worked perfectly for me on a FreeBSD 7.3 32 bit server - your mileage may vary. I cannot guarantee this will work for you in your environment. Good luck!

I have attached my "suhosin-patch-5.2.17-0.9.7.patch.txt" to this post. Just remove the ".txt" extension at the end.

Anyone confirm this mehtod?
May it cause any issues?
I'm using Centos 5.5 along with PHP 5.2.17



For anyone interested in compiling PHP 5.2.17 with Suhosin patch 0.9.7 - I was able to do so using the following steps to create a "new" patch - followed by smtalk's instructions (second post in this thread):

1.) Download the Suhosin patch for PHP 5.2.16 (suhosin-patch-5.2.16-0.9.7.patch.gz)

2.) Gunzip (extract) to suhosin-patch-5.2.16-0.9.7.patch

3.) Rename the patch to suhosin-patch-5.2.17-0.9.7.patch (e.g. for PHP 5.2.17)

4.) Open the patch in a text editor and replace all instances of "5.2.16" with "5.2.17" (I used MetaPad on Windows 7) - completed in a few seconds.

5.) At this point - follow smtalk's instructions for patching PHP by downloading a new copy of php-5.2.17.tar.gz from the DA file repository.

An example of the changes you will see:


diff -Nura php-5.2.16/TSRM/TSRM.h suhosin-patch-5.2.16-0.9.7/TSRM/TSRM.h
--- php-5.2.16/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
+++ suhosin-patch-5.2.16-0.9.7/TSRM/TSRM.h 2010-12-30 16:48:25.000000000 +0100

Becomes:


diff -Nura php-5.2.17/TSRM/TSRM.h suhosin-patch-5.2.17-0.9.7/TSRM/TSRM.h
--- php-5.2.17/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
+++ suhosin-patch-5.2.17-0.9.7/TSRM/TSRM.h 2010-12-30 16:48:25.000000000 +0100

I had some spare time on my hands so I did a full text comparison of the source files for PHP 5.2.16 vs 5.2.17 - as compared to the changes made by the Suhosin patch for PHP 5.2.16. None of the files that Suhosin 0.9.7 alters appear to have changed with PHP 5.2.17.

*** IMPORTANT ***

While this worked perfectly for me on a FreeBSD 7.3 32 bit server - your mileage may vary. I cannot guarantee this will work for you in your environment. Good luck!

I have attached my "suhosin-patch-5.2.17-0.9.7.patch.txt" to this post. Just remove the ".txt" extension at the end.

Anyone confirm this mehtod?
May it cause any issues?

In case this method is not working, the worst thing you might get is PHP without suhosin-patch, so feel free to check this out. And update us with your results.

Tested and it work with 5.2.17 and 5.3.8 (using/editing the suhosin 5.3.7 file).

Regards

I've installed the patch and everything seems ok. But how can I check that is my php patched or not ?


In case this method is not working, the worst thing you might get is PHP without suhosin-patch, so feel free to check this out. And update us with your results.

Just run this:


php -v

You should have something like: PHP 5.3.8 with Suhosin-Patch (cli) (built: Nov 24 2011 12:11:04)

Regards

hello,

i'm testing with suhosin on our testing envoirment.

the patch is working, but i don't get suhosin.executor.func.blacklist working.

what i'm doing wrong?

tested on multiply servers with php 5.3.10, 5.2.16, 5.2.17

output of php -v:

PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: Feb 20 2012 12:54:27)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with the ionCube PHP Loader v4.0.10, Copyright (c) 2002-2011, by ionCube Ltd.


httpd.conf

# Auto generated apache config file by DirectAdmin version 1.40.3
# Modifying this file is not recommended as any changes you make will be
# overwritten when the user makes any changes to his/her website

# For global config changes that affect all Users, see this guide:
# http://help.directadmin.com/item.php?id=2
# For local config changes that only affect one User, see this guide:
# http://help.directadmin.com/item.php?id=3

# Frontpage requires these parameters in every httpd.conf file or else
# it won't work.
ServerRoot /etc/httpd



<VirtualHost *.*.*.*:80 >


ServerName www.testwebserver.com
ServerAlias www.testwebserver.com testwebserver.com
ServerAdmin webmaster@testwebserver.com
DocumentRoot /home/test/domains/testwebserver.com/public_html
ScriptAlias /cgi-bin/ /home/test/domains/testwebserver.com/public_html/cgi-bin/

UseCanonicalName OFF

#SuexecUserGroup test test
RMode config
RUidGid test test
RGroups apache

#RDocumentChRoot /home/test /home/test/domains/testwebserver.com/public_html
CustomLog /var/log/httpd/domains/testwebserver.com.bytes bytes
CustomLog /var/log/httpd/domains/testwebserver.com.log combined
ErrorLog /var/log/httpd/domains/testwebserver.com.error.log

<Directory /home/test/domains/testwebserver.com/public_html>
Options +Includes -Indexes
php_admin_value upload_tmp_dir "/home/test/tmp"
php_admin_value suhosin.executor.func.blacklist "system, shell_exec, exec, passthru, php_uname, popen, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid,posix_setgid, posix_uname, proc_close, proc_nice, proc_open, proc_terminate"
php_admin_value session.save_path "/home/test/tmp"
php_admin_value soap.wsdl_cache_dir "/home/test/tmp"
php_admin_value eaccelerator.cache_dir "/home/test/tmp/eaccelerator"

php_admin_flag engine ON
<IfModule !mod_php6.c>
php_admin_flag safe_mode OFF
</IfModule>
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f test@testwebserver.com'


php_admin_value open_basedir /home/test/:/tmp:/var/tmp:/usr/local/lib/php/


</Directory>
<Location /phpMyAdmin>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /phpmyadmin>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /squirrelmail>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /roundcube>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /uebimiau>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /webmail>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /atmail>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>



</VirtualHost>




<VirtualHost *.*.*.*:443 >

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key


ServerName www.testwebserver.com
ServerAlias www.testwebserver.com testwebserver.com
ServerAdmin webmaster@testwebserver.com
DocumentRoot /home/test/domains/testwebserver.com/private_html
ScriptAlias /cgi-bin/ /home/test/domains/testwebserver.com/public_html/cgi-bin/

UseCanonicalName OFF

#SuexecUserGroup test test
RMode config
#RDocumentChRoot /home/test /home/test/domains/testwebserver.com/private_html
RUidGid test test
RGroups apache

CustomLog /var/log/httpd/domains/testwebserver.com.bytes bytes
CustomLog /var/log/httpd/domains/testwebserver.com.log combined
ErrorLog /var/log/httpd/domains/testwebserver.com.error.log

<Directory /home/test/domains/testwebserver.com/private_html>
Options +Includes -Indexes
php_admin_value upload_tmp_dir "/home/test/tmp"
php_admin_value suhosin.executor.func.blacklist "system, shell_exec, exec, passthru, php_uname, popen, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid,posix_setgid, posix_uname, proc_close, proc_nice, proc_open, proc_terminate"
php_admin_value session.save_path "/home/test/tmp"
php_admin_value soap.wsdl_cache_dir "/home/test/tmp"
php_admin_value eaccelerator.cache_dir "/home/test/tmp/eaccelerator"


php_admin_flag engine ON
<IfModule !mod_php6.c>
php_admin_flag safe_mode OFF
</IfModule>
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f test@testwebserver.com'


php_admin_value open_basedir /home/test/:/tmp:/var/tmp:/usr/local/lib/php/


</Directory>
<Location /phpMyAdmin>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /phpmyadmin>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /squirrelmail>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /roundcube>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /uebimiau>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /webmail>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>
<Location /atmail>
RMode config
RUidGid webapps webapps
RGroups apache
</Location>



</VirtualHost>


when i'm running this script:


<?php
$output = shell_exec('ls -lart');
echo "<pre>$output</pre>";

?>

i get

total 12
drwx--x--x 9 test test 4096 Feb 16 00:12 ..
drwxr-xr-x 2 test test 4096 Feb 20 11:57 .
-rw-r--r-- 1 test test 80 Feb 20 12:03 index.php


tried it over and over and over, but no result. Also with the module it is not working...


thank you.

got it working now. extension was not loaded correctly

When I go to install PHP 5.3.x from custombuild, it appears that it has downloaded 5.3.10... No big deal given that there are some major security flaws in 5.3.9, but Suhosin does not have a patch for 5.3.10 (at least not yet). Any suggestions there? Or is there a way to make the 5.3.9 patch work with PHP 5.3.10?

https://github.com/adamv/homebrew-alt/pull/176

http://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/ale/suhosin-patch-5.3.10-0.9.10.patch.gz