
Suhosin 0.9.5


Suhosin is an advanced protection system for PHP installations
Developer:   Stefan Esser
Price:  0.00
License:   GPL (GNU General Public License)
File size:   74K


Suhosin is an advanced protection system for PHP installations. Suhosin was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities. The second part is a powerful PHP extension that implements all the other protections.

Unlike our Hardening-Patch, Suhosin is binary compatible with a normal PHP installation, which means it is compatible with third-party binary extensions such as ZendOptimizer.

Here are some key features of "Suhosin":
Engine Protection (only with patch)
  • Protects the internal memory manager against buffer overflows with Canary and SafeUnlink Protection
  • Protects Destructors of Zend Hashtables
  • Protects Destructors of Zend Linked-Lists
  • Protects the PHP core and extensions against format string vulnerabilities
  • Protects against errors in certain libc realpath() implementations

Misc Features
  • Protection Simulation mode
  • Adds the functions sha256() and sha256_file() to the PHP core
  • Adds support for CRYPT_BLOWFISH to crypt() on all platforms
  • EXPERIMENTAL SQL database user protection

Runtime Protection
  • Transparent Cookie Encryption
  • Protects against different kinds of (Remote-)Include Vulnerabilities
      • disallows Remote URL inclusion (optional: black-/whitelisting)
      • disallows inclusion of uploaded files
      • optionally stops directory traversal attacks
  • Allows disabling the preg_replace() /e modifier
  • Allows disabling eval()
  • Protects against infinite recursion through a configurable maximum execution depth
  • Supports function black- and whitelists configurable per Virtual Host / Directory
  • Supports a separate function black- and whitelist for evaluated code
  • Protects against HTTP Response Splitting Vulnerabilities
  • Protects against scripts manipulating the memory_limit
  • Protects PHP's superglobals against extract() and import_request_vars()
  • Adds protection against newline attacks to mail()
  • Adds protection against attack on preg_replace()

Session Protection
  • Transparent encryption of session data
  • Transparent session hijacking protection
  • Protection against overlong session identifiers
  • Protection against malicious chars in session identifiers

Filtering Features
  • Filters ASCIIZ characters from user input
  • Ignores GET, POST, COOKIE variables with the following names:
      GLOBALS, _COOKIE, _ENV, _FILES, _GET, _POST, _REQUEST,
      _SERVER, _SESSION, HTTP_COOKIE_VARS, HTTP_ENV_VARS,
      HTTP_GET_VARS, HTTP_POST_VARS, HTTP_POST_FILES,
      HTTP_RAW_POST_DATA, HTTP_SERVER_VARS, HTTP_SESSION_VARS
  • Allows enforcing limits on REQUEST variables or separated by type (GET, POST, COOKIE)
      • Supports a limit on the number of variables per request
      • Supports a maximum length of variable names [with and without indices]
      • Supports a maximum length of array indices
      • Supports a maximum length of variable values
      • Supports a maximum depth of arrays
  • Allows only a configurable number of uploaded files
  • Supports verification of uploaded files through an external script
  • Supports automatic banning of uploaded ELF executables
  • Supports automatic banning of uploaded binary files
  • Supports automatic stripping of binary content in uploaded files
  • Configurable action on violation
      • just block violating variables
      • send HTTP response code
      • redirect the browser
      • execute another PHP script

Logging Features
  • Supports multiple log devices (syslog, SAPI module error log, external logging script)
  • Supports freely configurable syslog facility and priority
  • Supports selecting, separately for each log device, which alert types to log
  • Alerts contain the filename and line number that triggered them
  • Alerts contain the IP address of the user triggering them
  • The IP address can also be extracted from X-Forwarded-For HTTP headers (e.g. for reverse proxy setups)

Requirements:
  • PHP (Version 4 branch)
  • PHP (Version 5 branch)

Download Suhosin 0.9.5

http://www.hardened-php.net/suhosin/_media/suhosin-0.9.5.tgz

