
Stefan Esser's Blog:
Suhosin 0.9.20 and crypt() Thread Safety Vulnerability
May 22, 2007 @ 08:34:00

Stefan Esser has announced the latest release of his PHP security enhancement patch, Suhosin 0.9.20, and highlights the features it adds, one major addition in particular.

The most important addition is that a mutex is placed around the call to the system's crypt() function to ensure thread safety. This mutex is necessary to close a bunch of possible attacks on the libc crypt() function on multi threaded systems.

He goes on to explain why this is so important: it corrects a possible race condition between competing threads that call the crypt() function at the same time. The threads use the same shared memory space and, because of this, the function can return possibly invalid data. The patch changes this behavior and replaces it with a blowfish implementation to make things more thread-safe.
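The shared-buffer problem and the mutex fix described above, as an added C example that is not Suhosin's code or part of the original post. `toy_crypt`, `locked_crypt` and `crypt_lock` are hypothetical names; `toy_crypt` is a constructed stand-in for a non-reentrant libc crypt() and its digest is not a real password hash.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a non-reentrant crypt(): every caller gets a
 * pointer into the same static buffer. The digest is a toy, not a real hash. */
static char *toy_crypt(const char *key, const char *salt)
{
    static char out[32];
    unsigned h = 5381;
    for (const char *p = salt; *p; p++) h = h * 33 + (unsigned char)*p;
    for (const char *p = key; *p; p++) h = h * 33 + (unsigned char)*p;
    snprintf(out, sizeof out, "%.2s$%08x", salt, h);
    return out;
}

static pthread_mutex_t crypt_lock = PTHREAD_MUTEX_INITIALIZER;

/* Hypothetical wrapper: the lock covers the call AND the copy-out, so no
 * other thread can overwrite the static buffer before the result is saved. */
static int locked_crypt(const char *key, const char *salt, char *dst, size_t n)
{
    int rc = -1;
    pthread_mutex_lock(&crypt_lock);
    const char *res = toy_crypt(key, salt);
    if (res != NULL && strlen(res) < n) {
        strcpy(dst, res);
        rc = 0;
    }
    pthread_mutex_unlock(&crypt_lock);
    return rc;
}

/* Replays the racy interleaving in one thread: caller A holds the returned
 * pointer, caller B runs before A reads it. Returns 1 if A now sees B's hash. */
static int unlocked_result_clobbered(void)
{
    char want_a[32], want_b[32];
    locked_crypt("alice-pw", "aa", want_a, sizeof want_a);
    locked_crypt("bob-pw", "bb", want_b, sizeof want_b);
    const char *a = toy_crypt("alice-pw", "aa"); /* A: call returns */
    toy_crypt("bob-pw", "bb");                   /* B: runs before A reads */
    return strcmp(a, want_a) != 0 && strcmp(a, want_b) == 0;
}

int main(void)
{
    printf("unlocked result clobbered: %d\n", unlocked_result_clobbered());
    return 0;
}
```

A lock that is released before the result is copied out leaves the same window open, which is why the copy sits inside the critical section.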



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework