About 'PHP'

Quick fix for the PHP hash collision vulnerability on Ubuntu

Posted on January 5, 2012

The steps are as follows:

sudo apt-get install php5-suhosin
sudo sed -i "s/;suhosin\.post\.max_vars/suhosin\.post\.max_vars/" /etc/php5/fpm/conf.d/suhosin.ini
grep suhosin.post.max_vars /etc/php5/fpm/conf.d/suhosin.ini
sudo /etc/init.d/php5-fpm restart

The output is:

suhosin.post.max_vars = 1000  # allows at most 1000 POST parameters

The PHP version information is:

$ php -v
PHP 5.3.2-1ubuntu4.11 with Suhosin-Patch (cli) (built: Dec 13 2011 18:45:32) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.29, Copyright (c) 2007, by SektionEins GmbH

Note: the test environment is Ubuntu 10.04 + PHP 5.3.2 + PHP5-FPM
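
The grep step above matches the directive even when its line is still commented out, so it does not show whether the limit is active. The following added example, which is not part of the original post, reads the effective value instead; the function names and the sample file contents are constructed for illustration, and treating 0 as "no limit" is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a Suhosin limit is
# really active. A plain grep also matches the commented-out ";suhosin..." line.

# Print the value of the last uncommented assignment of directive $2 in file $1.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                 # whole-line comment: inactive
        {
            line = $0
            sub(/[ \t]*[;#].*$/, "", line)     # drop a trailing comment
            n = index(line, "=")
            if (n == 0) next                   # section header or blank line
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v              # the last assignment wins
        }
        END { if (val != "") print val }
    ' "$1"
}

# Succeed only if directive $2 in file $1 is active, numeric and in 1..$3.
# Assumption: 0 is rejected because it is treated here as "no limit".
check_limit() {
    v=$(effective_value "$1" "$2")
    case "$v" in
        ''|*[!0-9]*) echo "$2: not active (commented out, missing or non-numeric)"; return 1 ;;
    esac
    if [ "$v" -eq 0 ] || [ "$v" -gt "$3" ]; then
        echo "$2 = $v: outside 1..$3"; return 1
    fi
    echo "$2 = $v: ok"
}

# Constructed sample input, not the real file shipped by php5-suhosin.
sample_ini() {
    cat <<'EOF'
[suhosin]
;suhosin.request.max_vars = 1000
suhosin.post.max_vars = 1000  ; uncommented by the sed command
suhosin.get.max_vars = 0
EOF
}

tmp=$(mktemp) && sample_ini > "$tmp"
for key in suhosin.post.max_vars suhosin.request.max_vars suhosin.get.max_vars; do
    check_limit "$tmp" "$key" 1000 || true
done
rm -f "$tmp"
```

On the server, point `check_limit` at /etc/php5/fpm/conf.d/suhosin.ini after running the sed command.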

refs:
A brief analysis of PHP hash collisions
suhosin
Testing vs the hash collision vulnerability

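Installing PHP-FPM on Ubuntu

Posted on September 18, 2011

I switched my VPS from Lenny5 to Ubuntu 10.04 and took the opportunity to try PHP-FPM, which is more efficient.

Here is the Fabric script: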

from fabric.api import sudo


def init_nmp():
    # Install the whole stack: Nginx, PHP and PHP-FPM
    install_nginx()
    install_php()
    install_phpfpm()

def install_nginx():
    sudo("add-apt-repository ppa:nginx/stable")
    sudo("apt-get update")
    sudo("apt-get -y -q install nginx-full nginx-common")

def install_php():
    # More packages upon request
    # Note: --force-yes also lets apt install unauthenticated packages without prompting
    sudo("apt-get -y -q --force-yes install php5-cli php5-cgi php5-mysql")
    sudo("apt-get -y -q --force-yes install php5-mcrypt libmcrypt mcrypt")

def install_phpfpm():
    # TODO: use canonical php-fpm package when available
    sudo("add-apt-repository ppa:brianmercer/php")
    sudo("apt-get update")
    sudo("apt-get -y -q install php5-fpm")

In /etc/php5/fpm/php5-fpm.conf, switch the listener from TCP to a Unix socket; this performs better when everything runs on a single machine.

listen = /var/run/php5-fpm.sock
;listen = 127.0.0.1:9000

The Nginx configuration:

location ~ \.php$ { 
    # Return 404 for scripts that do not exist instead of passing the path to PHP-FPM
    try_files $uri =404;
    include /etc/nginx/fastcgi_params; 
    fastcgi_pass unix:/var/run/php5-fpm.sock; 
    fastcgi_index index.php; 
 
    fastcgi_split_path_info         ^(.+\.php)(.*)$; 
    include fastcgi_params; 
    fastcgi_intercept_errors        on; 
    fastcgi_ignore_client_abort     off; 
    fastcgi_connect_timeout         60; 
    fastcgi_send_timeout            180; 
    fastcgi_read_timeout            180; 
    fastcgi_buffer_size             128k; 
    fastcgi_buffers             4   256k; 
    fastcgi_busy_buffers_size       256k; 
    fastcgi_temp_file_write_size    256k; 
}