PHPDeveloper: PHP News, Views and Community

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Dave Marshall's Blog: Competition: PHP Job Hunters Handbook up for grabs

Job Posting: LIVESTRONG.com/Demand Media Inc. Seeks Senior PHP Software Developer (Santa Monica, CA)

Job Posting: Children's Hospital Boston Seeks Open Source Web Developer (Boston, MA)

Job Posting: eReleases Seeks Zend/PHP Developer (Baltimore, MD)

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

News Archive

Etienne Kneuss' Blog: SplObjectStorage for a fast and secure object dictionary

Matthew Turland's Blog: php|tek 2009 Hackathon

Tobias Schlitt's Blog: Webdav authentication, authorization and locking

Evert Pot's Blog: Devshed article about SQL Injection

Site News: Blast from the Past - One Year Ago in PHP

Community News: phpGG Frontend Special

devReview.com: The Big List of PHP Frameworks

Kana Yeh's Blog: Review Ivo Jansch's Guide to Enterprise PHP development

Jani Hartikainen's Blog: Another idea for using models with forms

DevShed: PHP Programs to Prevent MySQL Injection or HTML Form Abuse

feed this:

Stefan Esser's Blog:
Suhosin 0.9.20 and crypt() Thread Safety Vulnerability

by Chris Cornutt May 22, 2007 @ 08:34:00

Stefan Esser points out the latest release of his PHP security enhancement patch, Suhosin 0.9.20, and some of the features it adds, a major one specifically.

The most important addition is that a mutex is placed around the call to the system's crypt() function to ensure thread safety. This mutex is necessary to close a bunch of possible attacks on the libc crypt() function on multi threaded systems.

He goes on to explain why it's so important - correcting a possible race condition between competing threads looking to use the crypt() function at the same time. They use the same shared memory space and, because of this, can return possible invalid data. The patch changes this behavior and replaces it with a blowfish implementation to make things more thread-safe.

0 comments voice your opinion now!
suhosin patch security crypt threadsafe vulnerability suhosin patch security crypt threadsafe vulnerability

Community Events

Don't see your event here?
Let us know!

All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework