From 7f1d510a2a76d352d66b0f24be3a5216ff856d94 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Thu, 23 Jul 2020 15:50:17 +0200
Subject: [PATCH] Add a check for the new JIT
---
 phpconfigcheck.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/phpconfigcheck.php b/phpconfigcheck.php
index 5ef2379..f084d88 100644
--- a/phpconfigcheck.php
+++ b/phpconfigcheck.php
@@ -334,6 +334,7 @@ function test_all_ini_entries()
 'last_modified' => "The Last-Modified header will be sent for PHP scripts. This is a minor information disclosure.",
 'zend.multibyte' => "This is highly unusual. If possible, try to avoid multibyte encodings in source files - like SJIS, BIG5 - and use UTF-8 instead. Most XSS and other injection protections are not aware of multibyte encodings or can easily be confused. In order to use UTF-8, this option can safely be deactivated.",
 'max_input_vars' => "This setting may be incorrect. Unless your application actually needs an incredible number of input variables, please set this to a reasonable value, e.g. 1000.",
+ 'opcache.jit' => "The JIT is enabled, introducing a RWX memory segment in PHP processes, which might facilitate memory-corruption based attacks",
 /* Suhosin */
 'suhosin.simulation' => "During initial deployment of Suhosin, this flag should be switched on to ensure that the application continues to work under the new configuration. After carefully evaluating Suhosin's log messages, you may consider switching the simulation mode off.",
@@ -808,6 +809,11 @@ function test_all_ini_entries()
 list($result, $reason) = array(TEST_HIGH, "Multibyte encodings are active.");
 }
 break;
+ case 'opcache.jit':
+ if (intval($v) & 1 != 0 ) {
+ list($result, $reason) = array(TEST_LOW, "JIT enabled.");
+ }
+ break;
 /* ===== Suhosin ===== */
 case 'suhosin.simulation':
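Review bot: In the new `case 'opcache.jit':` branch of the second hunk, `intval($v) & 1 != 0` parses as `intval($v) & (1 != 0)` because `!=` binds tighter than `&` in PHP; it gives the intended result only because `true` is coerced to 1, so it is clearer written as `if ((intval($v) & 1) !== 0) {`. Beyond the precedence, testing only the lowest bit looks too narrow for an audit check: if I read the PHP 8 documentation correctly, `opcache.jit` is a decimal CRTO value whose last digit is the optimisation level, so an even non-zero digit would slip through, and it also accepts names such as `tracing` and `function`, for which `intval()` returns 0. Either case would leave an enabled JIT, and the RWX segment the new message in the first hunk warns about, unreported; consider treating any value other than an off/zero setting as enabled and also consulting `opcache.jit_buffer_size`, since a zero buffer should disable the JIT. The enclosing `switch` in test_all_ini_entries() starts and ends outside the hunk, so how `$v` is normalised before this point is not visible here.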