Suhosin-Patch 0.9.9.1
March 5th, 2010 | by Stefan Esser

Together with the release of PHP 5.3.2 by the PHP team, I have released Suhosin-Patch 0.9.9.1, which comes with bug fixes and new features. The changes are:
- fixed some crash bugs on the IA64 architecture
- check the return value of mprotect() to ensure that the memory really is read-only - credits: PAX Team
- fixed the mprotect() call - the encrypted (obfuscated) pointer was passed to it in the revoked 0.9.9 release - credits: PAX Team
- added additional hardening to the destructor protection
- added pointer obfuscation to the memory manager
The most important new feature is the pointer obfuscation inside the PHP memory manager. This mitigation makes many memory corruption bugs much harder to exploit reliably, because an attacker who overwrites a stored pointer no longer knows what address the allocator will decode it to and therefore no longer controls where the allocator reads or writes. Pointer obfuscation is also used to protect the pointer to Suhosin-Patch's read-only configuration (the memory that the mprotect() fixes above concern), which allows Suhosin-Patch to be configured by environment variables.
5 Responses to “Suhosin-Patch 0.9.9.1”
By trophaeum on Mar 5, 2010 | Reply
thanks pax team for spending time on helping an already awesome project!
By Willem on Mar 5, 2010 | Reply
Can you tell me what kind of pointer obfuscation techniques you have used?
By Stefan on Mar 5, 2010 | Reply
The pointer obfuscation is for now only a simple XOR of the pointers with a random value. Right now this random value will be generated once in the beginning, so it is the same for all requests (when PHP runs as module).
However this was just the first attempt to implement it: Most probably it will be changed to use a different random value for each new request.
Obfuscation affects the forward and backward pointers of free memory blocks, and the free memory cache. This stops several attacks against the free memory cache.
Other pointers might get obfuscated in future versions; however, the problem is to stay compatible with PHP extensions like APC and Zend Tools. These tools often do not use API functions to do the things they want (sometimes because there are no such API functions), so it is not possible to just obfuscate the pointers.
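The technique described in the post and spelled out in the reply above (free-list links stored XORed with a random value that is generated once per process), shown as an added example that is not Suhosin's code: a toy doubly-linked free list whose forward and backward pointers are kept obfuscated, plus a look at where an attacker's raw pointer overwrite would actually land. The block layout, the key source, and the back-link consistency check in fl_unlink() are assumptions made for this illustration, not features the page attributes to Suhosin-Patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Toy free list with XOR-obfuscated links. Illustration only; not Suhosin's
 * code. Names, the block layout and the back-link check are assumptions. */

typedef struct free_block {
    size_t    size;
    uintptr_t next_obf;   /* stored as (uintptr_t)next ^ g_ptr_key */
    uintptr_t prev_obf;   /* stored as (uintptr_t)prev ^ g_ptr_key */
} free_block;

static uintptr_t g_ptr_key;   /* random per-process key, generated once at startup */

/* Assumed key source: /dev/urandom, with a weak fallback so the demo still runs. */
static void ptr_key_init(void)
{
    uintptr_t k = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) { if (fread(&k, sizeof k, 1, f) != 1) k = 0; fclose(f); }
    if (k == 0) k = ((uintptr_t)&k ^ (uintptr_t)time(NULL)) * (uintptr_t)0x9E3779B1u;
    if (k == 0) k = 1;            /* a zero key would silently disable the obfuscation */
    g_ptr_key = k;
}

static uintptr_t   obf(const free_block *p) { return (uintptr_t)p ^ g_ptr_key; }
static free_block *deobf(uintptr_t v)       { return (free_block *)(v ^ g_ptr_key); }

/* Push b at the head of the list; every stored link is obfuscated. */
static void fl_push(free_block **head, free_block *b)
{
    b->next_obf = obf(*head);
    b->prev_obf = obf(NULL);      /* note: obf(NULL) == key, never 0; always compare via deobf() */
    if (*head) (*head)->prev_obf = obf(b);
    *head = b;
}

/* Unlink b. Returns 0 on success, -1 if the decoded neighbours do not point
 * back at b. With obfuscation, a raw pointer written by an attacker decodes
 * to an address they did not choose, so "prev->next = next; next->prev = prev"
 * no longer gives them the controlled write that classic unlink attacks rely on. */
static int fl_unlink(free_block **head, free_block *b)
{
    free_block *next = deobf(b->next_obf);
    free_block *prev = deobf(b->prev_obf);
    if (prev == NULL && *head != b)          return -1;   /* claims to be head but is not */
    if (prev && deobf(prev->next_obf) != b)  return -1;   /* assumed glibc-style back-link check */
    if (next && deobf(next->prev_obf) != b)  return -1;
    if (prev) prev->next_obf = obf(next); else *head = next;
    if (next) next->prev_obf = obf(prev);
    b->next_obf = b->prev_obf = obf(NULL);
    return 0;
}

/* Where would an attacker's write land? They overwrite a link with the raw
 * address of their target; the allocator decodes it with a key they do not know. */
static free_block *attacker_decoded_target(uintptr_t raw_value_written)
{
    return deobf(raw_value_written);
}

static size_t fl_count(free_block *head)
{
    size_t n = 0;
    for (free_block *b = head; b; b = deobf(b->next_obf)) n++;
    return n;
}

int main(void)
{
    ptr_key_init();
    free_block a = {32, 0, 0}, b = {64, 0, 0}, c = {128, 0, 0};
    free_block *head = NULL;
    fl_push(&head, &a); fl_push(&head, &b); fl_push(&head, &c);   /* list: c -> b -> a */
    printf("blocks on list: %zu\n", fl_count(head));

    /* Simulated corruption: attacker writes the raw address &a into a link. */
    free_block *hit = attacker_decoded_target((uintptr_t)&a);
    printf("attacker aimed at %p, allocator would touch %p\n", (void *)&a, (void *)hit);

    /* Even a key-aware tamper with an inconsistent neighbour is refused:
     * a's forward link does not point back at b, so the unlink fails closed. */
    b.prev_obf = obf(&a);
    printf("unlink of tampered block: %d\n", fl_unlink(&head, &b));
    return 0;
}
```

Build with `cc -std=c99 -o freelist freelist.c && ./freelist`. The key is generated once per process, which matches the "same for all requests" caveat in the reply above; switching to a per-request key, as the reply suggests may come later, would require re-encoding every stored link at each request boundary, which is why a process-wide key is the simpler first step.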
By G. Flindt on Mar 6, 2010 | Reply
Where can I find the Windows binaries?
Since your forum is offline (when will it be available again?), this is a little problem - I’d love to use Suhosin but I’m not able to build the extension on my own.
By Stefan on Mar 6, 2010 | Reply
There are no official Windows binaries, and I suggest not using unofficial Windows binaries, because they might contain trojans.
At the moment it is unknown if there ever will be windows binaries.