Hardening-Patch
What is the Hardening-Patch?
The Hardening-Patch is a patchset that adds security hardening features to PHP. It protects your servers against a number of well-known problems in PHP applications, and also against potential unknown vulnerabilities within those applications or the PHP core itself.
Implemented protections (so far)
- Canary protection of the Zend Memory Manager
- Canary protection of Zend Linked Lists
- Canary protection of Zend HashTable Destructors
- Protection against internal format string exploits
- Protection against arbitrary (remote) code inclusion
- Configurable input variable filter (filter for size, length, number, depth)
- Syslog logging of the attacker's IP and the attacked script
- Protects the superglobals from being overwritten by import_request_variables()/extract()
- Protects the superglobals from being overwritten by register_globals=On emulations
- memory_limit cannot be increased over the configured maximum
- Protection against malfunctional realpath() implementations
- Safe Unlink protection for the Zend Memory Manager
- Protection against information disclosure after failed SQL queries
- Protection against HTTP Response Splitting attacks
- Protection against Executor Recursion Crashes
- Allows protection against infected uploaded files



