Quick fix for the PHP hash collision vulnerability on Ubuntu
The steps are as follows:
sudo apt-get install php5-suhosin
sudo sed -i "s/;suhosin\.post\.max_vars/suhosin\.post\.max_vars/" /etc/php5/fpm/conf.d/suhosin.ini
grep suhosin.post.max_vars /etc/php5/fpm/conf.d/suhosin.ini
sudo /etc/init.d/php5-fpm restart
The output of the grep command is:
suhosin.post.max_vars = 1000 # limits a request to at most 1000 POST parameters
The PHP version information is:
$ php -v
PHP 5.3.2-1ubuntu4.11 with Suhosin-Patch (cli) (built: Dec 13 2011 18:45:32)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.29, Copyright (c) 2007, by SektionEins GmbH
Note: the test environment is Ubuntu 10.04 + PHP 5.3.2 + PHP5-FPM
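An added check (not part of the original post) that confirms the limit is really in effect after the sed step: it reports whether suhosin.post.max_vars is still commented out, missing, set to 0, or above a ceiling. The function name, the status words, the default ceiling and the treatment of 0 as "no limit" are assumptions of this example.

```shell
#!/bin/sh
# check_post_max_vars FILE [CEILING]   (hypothetical helper, not part of Suhosin)
# Prints one of: "ok N", "commented", "missing", "invalid", "unlimited",
# "too-high N". Returns 0 only for "ok N".
check_post_max_vars() {
    ini=$1
    ceiling=${2:-1000}              # assumed ceiling; 1000 is the value shown on this page
    key='suhosin\.post\.max_vars'   # dots escaped so they match literally

    # No active assignment: tell apart "still commented out" from "absent".
    if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$ini"; then
        if grep -Eq "^[[:space:]]*;[[:space:]]*${key}[[:space:]]*=" "$ini"; then
            echo "commented"
        else
            echo "missing"
        fi
        return 1
    fi

    # Take the last active assignment, drop trailing comments, quotes and blanks.
    val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$ini" \
          | tail -n 1 | sed 's/[;#].*//' | tr -d '"[:space:]')

    case $val in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    # Assumption of this example: 0 switches the limit off.
    if [ "$val" -eq 0 ]; then echo "unlimited"; return 1; fi
    if [ "$val" -gt "$ceiling" ]; then echo "too-high $val"; return 1; fi
    echo "ok $val"
}

# Run directly, e.g.: sh check.sh /etc/php5/fpm/conf.d/suhosin.ini
if [ "$#" -gt 0 ]; then
    check_post_max_vars "$@"
fi
```

A result of "commented" means the sed substitution did not apply to that file; "missing" means the directive has to be added by hand before restarting php5-fpm.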