Quick Fix for the PHP Hash Collision Vulnerability on Ubuntu

The steps are as follows:

sudo apt-get install php5-suhosin
sudo sed -i "s/;suhosin\.post\.max_vars/suhosin\.post\.max_vars/" /etc/php5/fpm/conf.d/suhosin.ini
grep suhosin.post.max_vars /etc/php5/fpm/conf.d/suhosin.ini
sudo /etc/init.d/php5-fpm restart

The output is:

suhosin.post.max_vars = 1000  # limits a request to at most 1000 POST parameters
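
The grep check above matches the directive whether or not the leading ";" is still present, so it cannot tell an enabled limit from a commented-out one. The following added example (not part of the original post) reports the effective state instead; the function name check_max_vars and the default ceiling of 1000 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective state of a
# Suhosin limit in an ini file. Prints one of:
#   "active N", "too-high N", "invalid V", "commented", "missing"
# Assumption: when a directive is assigned more than once, the last active
# assignment is the one that counts.
check_max_vars() {
    file=$1
    directive=${2:-suhosin.post.max_vars}
    max=${3:-1000}          # hypothetical ceiling; choose one that fits the site
    awk -v d="$directive" -v max="$max" '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        commented = (substr(line, 1, 1) == ";")
        if (commented) sub(/^;+[ \t]*/, "", line)
        eq = index(line, "=")
        if (eq == 0) next                      # section header, blank, prose
        key = substr(line, 1, eq - 1)
        gsub(/[ \t]/, "", key)
        if (key != d) next
        if (commented) { seen_commented = 1; next }
        val = substr(line, eq + 1)
        sub(/[;#].*$/, "", val)                # drop trailing comment
        gsub(/[ \t\r"]/, "", val)
        active = val; have = 1
    }
    END {
        if (!have)                       print (seen_commented ? "commented" : "missing")
        else if (active !~ /^[0-9]+$/)   print "invalid " active
        else if (active + 0 > max + 0)   print "too-high " active
        else                             print "active " active
    }' "$file"
}

# Constructed sample: the line as the sed command finds it and as it leaves it.
demo=$(mktemp)
printf '%s\n' '[suhosin]' ';suhosin.post.max_vars = 1000' > "$demo"
echo "before: $(check_max_vars "$demo")"
printf '%s\n' '[suhosin]' 'suhosin.post.max_vars = 1000' > "$demo"
echo "after:  $(check_max_vars "$demo")"
rm -f "$demo"
```

On the test system from this post it would be called as check_max_vars /etc/php5/fpm/conf.d/suhosin.ini after the restart.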

The PHP version information is:

$ php -v
PHP 5.3.2-1ubuntu4.11 with Suhosin-Patch (cli) (built: Dec 13 2011 18:45:32) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.29, Copyright (c) 2007, by SektionEins GmbH

Note: the test environment is Ubuntu 10.04 + PHP 5.3.2 + PHP5-FPM.
