December 5, 201312 yr This article from arstechnica reminds us that security holes are everywhere and this is starting to be exploited on embedded devices, which we could consider unRAID to be in a sense. I haven't bothered to figure out which version of PHP unRAID uses, but I hope that 6.x brings us up to the latest Slackware releases and the updated packages that go with it. There are lots of good reasons to do this, including security and better plugin compatibility. http://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-internet-of-things-devices/
December 6, 201312 yr AFAIK, stock unRaid doesn't use PHP. There are some plugins/add-ons that do, but vanilla unRaid doesn't. EDIT: Regardless, I do agree with your statement about keeping unRaid packages up to date.
December 6, 201312 yr Stock unRAID 5.0 and up use PHP. That's what the webgui is set up with. It may not be used the same way a standard http server would use it, but php is still involved in the forming of pages. root@unRAID:~# php -v PHP 5.2.13 (cli) (built: Mar 27 2012 14:28:43) Copyright © 1997-2010 The PHP Group Zend Engine v2.2.0, Copyright © 1998-2010 Zend Technologies root@unRAID:~# ls -l /usr/local/emhttp/plugins/webGui/*.php -rw-rw-rw- 1 root root 858 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/AFP.php -rw-rw-rw- 1 root root 28591 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/ArrayStatus.php -rw-rw-rw- 1 root root 1361 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/CacheSettings.php -rw-rw-rw- 1 root root 10932 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/DateTime.php -rw-rw-rw- 1 root root 2416 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/DeviceDetail.php -rw-rw-rw- 1 root root 12678 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/DeviceStatus.php -rw-rw-rw- 1 root root 3311 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/DiskSettings.php -rw-rw-rw- 1 root root 1197 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/FTP.php -rw-rw-rw- 1 root root 1506 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/FlashDetail.php -rw-rw-rw- 1 root root 917 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/Identification.php -rwxrwxrwx 1 root root 1232 2013-11-27 21:15 /usr/local/emhttp/plugins/webGui/Info.php* -rw-rw-rw- 1 root root 1445 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/MoverSettings.php -rw-rw-rw- 1 root root 1075 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/NFS.php -rw-rw-rw- 1 root root 4267 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/NetworkSettings.php -rw-rw-rw- 1 root root 1287 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/NewConfig.php -rw-rw-rw- 1 root root 2127 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/NewPerms.php -rw-rw-rw- 1 root root 864 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/PageMap.php -rw-rw-rw- 1 root root 4180 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/SMB.php -rw-rw-rw- 1 root root 5110 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/SecurityAFP.php -rw-rw-rw- 1 root root 2120 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/SecurityNFS.php -rw-rw-rw- 1 root root 5603 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/SecuritySMB.php -rw-rw-rw- 1 root root 4103 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/ShareEdit.php -rw-rw-rw- 1 root root 3072 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/ShareList.php -rw-rw-rw- 1 root root 1544 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/ShareSettings.php -rw-r--r-- 1 root root 1008 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/UpgradeWebGui.php -rw-rw-rw- 1 root root 1691 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/UserAdd.php -rw-rw-rw- 1 root root 2226 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/UserEdit.php -rw-rw-rw- 1 root root 769 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/UserList.php -rw-rw-rw- 1 root root 388 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/Vars.php -rwxrwxrwx 1 root root 116 2013-11-27 20:53 /usr/local/emhttp/plugins/webGui/phpsysinfo.php* -rw-rw-rw- 1 root root 9424 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/template.php
December 7, 201312 yr Stock unRAID 5.0 and up use PHP. That's what the webgui is set up with. It may not be used the same way a standard http server would use it, but php is still involved in the forming of pages. root@unRAID:~# php -v PHP 5.2.13 (cli) (built: Mar 27 2012 14:28:43) Copyright © 1997-2010 The PHP Group Zend Engine v2.2.0, Copyright © 1998-2010 Zend Technologies root@unRAID:~# ls -l /usr/local/emhttp/plugins/webGui/*.php -rw-rw-rw- 1 root root 858 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/AFP.php -rw-rw-rw- 1 root root 28591 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/ArrayStatus.php -rw-rw-rw- 1 root root 1361 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/CacheSettings.php -rw-rw-rw- 1 root root 10932 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/DateTime.php -rw-rw-rw- 1 root root 2416 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/DeviceDetail.php -rw-rw-rw- 1 root root 12678 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/DeviceStatus.php -rw-rw-rw- 1 root root 3311 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/DiskSettings.php -rw-rw-rw- 1 root root 1197 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/FTP.php -rw-rw-rw- 1 root root 1506 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/FlashDetail.php -rw-rw-rw- 1 root root 917 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/Identification.php -rwxrwxrwx 1 root root 1232 2013-11-27 21:15 /usr/local/emhttp/plugins/webGui/Info.php* -rw-rw-rw- 1 root root 1445 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/MoverSettings.php -rw-rw-rw- 1 root root 1075 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/NFS.php -rw-rw-rw- 1 root root 4267 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/NetworkSettings.php -rw-rw-rw- 1 root root 1287 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/NewConfig.php -rw-rw-rw- 1 root root 2127 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/NewPerms.php -rw-rw-rw- 1 root root 864 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/PageMap.php -rw-rw-rw- 1 root root 4180 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/SMB.php -rw-rw-rw- 1 root root 5110 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/SecurityAFP.php -rw-rw-rw- 1 root root 2120 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/SecurityNFS.php -rw-rw-rw- 1 root root 5603 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/SecuritySMB.php -rw-rw-rw- 1 root root 4103 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/ShareEdit.php -rw-rw-rw- 1 root root 3072 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/ShareList.php -rw-rw-rw- 1 root root 1544 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/ShareSettings.php -rw-r--r-- 1 root root 1008 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/UpgradeWebGui.php -rw-rw-rw- 1 root root 1691 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/UserAdd.php -rw-rw-rw- 1 root root 2226 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/UserEdit.php -rw-rw-rw- 1 root root 769 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/UserList.php -rw-rw-rw- 1 root root 388 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/Vars.php -rwxrwxrwx 1 root root 116 2013-11-27 20:53 /usr/local/emhttp/plugins/webGui/phpsysinfo.php* -rw-rw-rw- 1 root root 9424 2013-08-28 13:48 /usr/local/emhttp/plugins/webGui/template.php I stand corrected!
December 8, 201312 yr Interesting slackware 13.1 has 2 php versions: 1 slackware/n php-5.2.13-i486-2.txz 3316K php (HTML-embedded scripting language) 2 patches/packages php-5.3.27-i486-1_slack13.1.txz 4196K php (HTML-embedded scripting language) I suspect for this very reason. I dont think unRAID ever picks up anything from patches though? I am a bit unclear if we should.
December 9, 201312 yr Author Interesting slackware 13.1 has 2 php versions: 1 slackware/n php-5.2.13-i486-2.txz 3316K php (HTML-embedded scripting language) 2 patches/packages php-5.3.27-i486-1_slack13.1.txz 4196K php (HTML-embedded scripting language) I suspect for this very reason. I dont think unRAID ever picks up anything from patches though? I am a bit unclear if we should. Can't think of any reason not to update. Or at least try the update! Beyond my abilities to provide any useful testing though.
December 9, 201312 yr You can't "directly" upgrade php by just installing slackware php package, unRaid comes with a minimalistic custom php compilation (despite same version as slackware package) with a lot of features disabled and different configuration from default one on slackware package... You can do it, but you need to adjust some settings on php.ini (disable short_open_tag, disable showing notices, and disabling a few modules that depends on libs that are not included on unRaid, or you need to install these libs...). BTW, do you really need to update? Do you have it (unraid webgui or some other http server on it using php...) exposed to the Internet? I do have full php from slackware package (and apache) running on my unRaid server, but I did never bothered to use the updated packages from the 'patches' dir, as actually I use it only for internal LAN usage, not exposed to the Internet, but I guess these updated ones should work with similar configuration adjustments required.
December 9, 201312 yr http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.516041 Ignoring the specifics of this particular SSA I think we have a wider mechanism to consider. Security patches need to be rolled into the unRAID release schedule in some way.
Archived
This topic is now archived and is closed to further replies.