Together with the release of PHP 5.3.2 by the PHP team, I have released Suhosin-Patch, which comes with bug fixes and new features. The changes are:

  • fixed some crash bugs for IA64 architecture
  • check return value of mprotect() to ensure that memory is read-only – credits: PAX Team
  • fixed mprotect() call – encrypted pointer was used in revoked 0.9.9 – credits: PAX Team
  • added additional hardening to destructor protection
  • added pointer obfuscation to memory manager

The most important new feature is pointer obfuscation inside the PHP memory manager. This mitigation makes it much harder to reliably exploit many memory corruption bugs. Pointer obfuscation is also used to protect the pointer to the read-only configuration inside Suhosin-Patch that allows it to be configured through environment variables.
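To illustrate the idea, here is an added example that is not code from Suhosin-Patch or PHP: a minimal fixed-size free-list allocator whose links are stored XORed with a secret key and validated after decoding. The XOR scheme, the validation rule and all names (`pool_t`, `mask`, `link_ok`, `pool_alloc`) are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define SLOT_WORDS 4   /* words per slot; word 0 of a free slot holds its link */
#define SLOTS 8

typedef struct {
    uintptr_t mem[SLOTS * SLOT_WORDS];
    uintptr_t key;     /* per-process secret (assumed: drawn from the OS CSPRNG) */
    uintptr_t head;    /* obfuscated pointer to the first free slot */
    int corrupt;       /* set once a decoded link fails validation */
} pool_t;

/* XOR is its own inverse, so one helper both encodes and decodes. */
static uintptr_t mask(const pool_t *p, uintptr_t v) { return v ^ p->key; }

/* A decoded link must be NULL or the start of a slot inside the pool. */
static int link_ok(const pool_t *p, uintptr_t addr) {
    uintptr_t off = addr - (uintptr_t)p->mem;
    return addr == 0 || (off < sizeof p->mem && off % (SLOT_WORDS * sizeof(uintptr_t)) == 0);
}

void pool_init(pool_t *p, uintptr_t key) {
    p->key = key; p->corrupt = 0; p->head = mask(p, 0);  /* empty list: obfuscated NULL */
    for (int i = SLOTS - 1; i >= 0; i--) {               /* push every slot */
        p->mem[i * SLOT_WORDS] = p->head;
        p->head = mask(p, (uintptr_t)&p->mem[i * SLOT_WORDS]);
    }
}

/* Returns NULL when exhausted or corrupted; a hardened allocator would abort instead. */
void *pool_alloc(pool_t *p) {
    uintptr_t cur = mask(p, p->head);
    if (cur == 0 || p->corrupt) return NULL;
    if (!link_ok(p, cur)) { p->corrupt = 1; return NULL; }
    uintptr_t next = mask(p, *(uintptr_t *)cur);         /* decode the stored link */
    if (!link_ok(p, next)) { p->corrupt = 1; return NULL; }
    p->head = mask(p, next);
    return (void *)cur;
}

void pool_free(pool_t *p, void *slot) {
    *(uintptr_t *)slot = p->head;                        /* link stays obfuscated */
    p->head = mask(p, (uintptr_t)slot);
}

int main(void) {   /* constructed key for the demo only */
    pool_t p; pool_init(&p, (uintptr_t)0x5bd1e995u);
    return pool_alloc(&p) ? 0 : 1;
}
```

A link that is overwritten without knowledge of the key decodes to an address the writer cannot predict, so the validation step fails instead of the allocator following it.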