Monthly Archives: December 2011

Fedora, PHP, and the hash collision

There’s a very good post on Ars Technica forums about testing Linux servers running PHP for the hash collision vulnerability. I tested my Fedora 15 system as described and found that it was vulnerable.

Patching the vulnerability, however, seems to be described in the original post with Ubuntu in mind.  On my Fedora system, the steps had to be slightly different. Here’s what I did to apply the patch.

1. Log in as root:

[me@myserver html]$ su

Enter the root password when asked.

2. Install the Suhosin patch:

[root@myserver html]# yum install php-suhosin

On my system, this command installed the php-suhosin-0.9.32.1-2.fc15.i686 package from the fedora repository.

3. Restart Apache:

[root@myserver html]# apachectl restart

4. Check the value of the suhosin.post.max_vars configuration variable; it should be set to 1000 or less. (I actually did it by viewing the output of phpinfo() in a browser, so no command line here… Speaking of the phpinfo() output, the location of the suhosin.ini file is also displayed, so if you need to edit it, you can find out where it is.)

5. Test for the vulnerability again as described in the original post:

[root@myserver html]# wget -O - --post-file /tmp/hashcollide.txt http://127.0.0.1/hashtest.php

In my case, the vulnerability was fixed.
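
A command-line version of the step 4 check, as an added example (not from the original post): it reads the suhosin.ini whose location phpinfo() reports and compares suhosin.post.max_vars with the 1000 ceiling given above. The function names and the sample file contents are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a suhosin.ini for the setting checked in step 4.

# Print the last active value of directive $2 in ini file $1 (empty if unset).
ini_value() {
    # Strip ';' comments, then match "name = value"; the last assignment wins.
    sed -e 's/;.*$//' "$1" |
    awk -F= -v key="$2" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key { val = $2; gsub(/[ \t\r"]/, "", val); found = val }
        END { print found }'
}

# Return 0 if suhosin.post.max_vars is set and <= limit,
# 1 if it is larger, 2 if it is unset or not a number in this file.
check_max_vars() {
    file=$1
    limit=${2:-1000}   # ceiling taken from step 4 of the post
    val=$(ini_value "$file" "suhosin.post.max_vars")
    case $val in
        ''|*[!0-9]*)
            echo "suhosin.post.max_vars: no numeric value set in $file"
            return 2 ;;
    esac
    if [ "$val" -le "$limit" ]; then
        echo "suhosin.post.max_vars = $val (ok, limit $limit)"
        return 0
    fi
    echo "suhosin.post.max_vars = $val (exceeds limit $limit)"
    return 1
}

# Constructed sample file: a commented-out line followed by a larger override.
sample=$(mktemp)
cat > "$sample" <<'EOF'
extension=suhosin.so
;suhosin.post.max_vars = 1000
suhosin.post.max_vars = 5000
EOF
check_max_vars "$sample" || echo "-> lower the value, then restart Apache"
rm -f "$sample"
```

A result of 2 only means this one file does not set the directive; the value shown by phpinfo() remains the authoritative one for the running server.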

Paul Krugman on British debt history

Paul Krugman writes:

I’ve been playing around with the IMF’s historical public debt database, which has long-term information on ratios of debt to GDP. And you really have to marvel, given that historical record, at the deficit panic now so widespread. Here’s debt as a percentage of GDP in Britain, back to 1830:

[Figure: UK debt since 1830]

That uptick at the end — you’ll see it if you squint — is what’s driving the Cameron government’s insistence on slashing spending in a liquidity trap.

It’s also interesting to note — contrary to what you often hear — that at the time Keynes was writing, and calling for fiscal stimulus, Britain was substantially deeper in debt than Britain or the United States are now.