Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:103647 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 2316 invoked from network); 29 Dec 2018 03:27:38 -0000 Received: from unknown (HELO mail-pf1-f172.google.com) (209.85.210.172) by pb1.pair.com with SMTP; 29 Dec 2018 03:27:38 -0000 Received: by mail-pf1-f172.google.com with SMTP id y126so11032608pfb.4 for ; Fri, 28 Dec 2018 15:59:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=4X4I3iE+9AIfIE1YeIiHkS55U0Wo0uuZusBttqH2tX8=; b=T55rxSDU2j7yrWjXoWjpqrewS20tlrrSPprfvfZ6QJYTuEbZ2nvEu33SPETrqeF6kM s/+dtID6usi5103sx908ME3tkeMab3KUoU9mbfrgPsMRRIpN5B1szt+le/NhlVnjytKB ZanII8qBX3sgnDpX6DlTDD/UE919OvwT9v/q/XpH80SWvFCA0KIgyvG9Yq0myTD6Pfc0 UnDYi4FmEzHjmHjBGli+G6Gy71DMrqKtdo/6l50k/R7g3MUBTGIDnO0R/jxmrE/c53DZ DPLTm8yGkJwmNnSPlrctPWM6Lql5vxuTkB8+60GwUTLAr1g1OaSwmQxi+NVr2n0kHMVE LWfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=4X4I3iE+9AIfIE1YeIiHkS55U0Wo0uuZusBttqH2tX8=; b=WDKxn32i3dTcAGwb+yIss2kYFwyZKse2Tj64HLhDF2W0d9lHOkHwINI5aFzigDL2g6 C3KPPBnNkFLkC90B2FnCw30IsgGUptGk0aisf6UxGhaPzZoNUWNnz+Tt7y55DBywonZV 9UVUOSBvQwoSyoYUZI9JFoKWl/r3P4/79CQ1FYgY935fg8ECyNIHYUalSJi5SOay9wOm DpjpaDN2X1EVvO0rTs9jAnUqMbHcLINBIquEcMG18k/Nem05UVS2Z74xXbNq9KkNdDBL r4YMOygWToUzRNiEEJWzkQsGsHIAiA4QgrE9XFSEGola70ygKV7URb1uO4J7nwGP+oGT 8Jgw== X-Gm-Message-State: AJcUukcru/jLww7VMr4Y5+JoIJnoybPbN1YRPjiEP/adTAF57t3CAan+ mCuGTdWlQI4yhsE6pnmt6OqZJ8YAyg== X-Google-Smtp-Source: ALg8bN5ygcUYYPsl2+lX9a8/Mneat64igCqT3pLFQyRnitfQWYPyjMzL6lTW3KKhNuZr5fFk6VeBxg== X-Received: by 2002:a63:3287:: with SMTP id y129mr212pgy.337.1546041547085; Fri, 28 Dec 2018 15:59:07 -0800 (PST) Received: from Stas-Pro-2016.local (c-24-4-176-254.hsd1.ca.comcast.net. [24.4.176.254]) by smtp.gmail.com with ESMTPSA id l5sm49588127pgp.82.2018.12.28.15.59.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Dec 2018 15:59:06 -0800 (PST) To: Dmitry Stogov , PHP internals References: Openpgp: preference=signencrypt Autocrypt: addr=smalyshev@gmail.com; prefer-encrypt=mutual; keydata= mQMuBE9mqaARCACFSqcGmNunkjQQu3X+yXnTmFeEkvM4JXZTOBdR8aEevNGmmFEfyvjaDjWi 9hcwp4E/lYtC+P7VsVjM1OSX9eq0jC/lGL0ZyRXek+mNy0n5H1NSuTpf9Y18LMqhc4G+RU+L cNiZ9K0DJuOOvNLPxW7OHZguxb3wdKPXNVa2jyRfJAKm2uaJJMT1mTmFT9a0Q8SKr+mUrrJk uG0H2o6SzrKt8Wwoint1eh67zVsJaJtQFchnEZnlawIcqP2yC4nLGR3MkubowxoEBYCZet18 aHVVRbvpG2Qtob8Lu5xrsGbmXymTkHTdpvkfcJFADa8MzOL90zOxXwbGfbIZOlh5En8jAQCX lfnx2eQL3BSW/6XANa51dbWiEp1d1BAkpGKtZvlk0Qf+M9WAi+9aXMe3xP5krxtgnRNUf2WN 6Zdy2MxL1RRJCFbytLhl0ronC49BsGYVGshdEH8xhBbiIOJKuVZ/DTl9bEm7P9c7CC7iJyVC khUAhouH6xzZQNLR+RU+QebYzXypVfl99Qk7EdMmr/WAZCHLuvanyqepC5EBsa3VnAfQemSN oBeGBKWWLiOsPjvS72+y1z4RUMAfXHn4l/sFMt8zt7/74AmJPwZquV41p4mPO12V4+xPyc6R sB84sfsk2QVivU8w8AkvGQeYjXoz7Iwao95+fWteVzZ36KRQvUckP8pGjHlDXnHxJ0HI1I/k OBZSjwRwUf0dd73y6erPhbLk+gf+NdI3H9KGJBzG5/rVyWKwUeQ9d5ud4jTJRkQGvAP5pg76 vEa9dogbpe4W5Z+0BfbiJSnQmQWSHiZddj/t33ptbup44Ck6ZTgdlmFYMLF1hR47PIZTDKER EuKYGci/vq8snZvEJP9YCw/TtiHcMdrMKcY/+Lp8lQO0GHLPB9glVhnC0db6l1Xpg1CMI8/R ozBMcij30EgATggC/y2zbiqAFoS9FN9nXPbe4phStqABEyeZ+nXudt7PUYTjVgcrqo8bHZCi sBobWC7OnKyUzxVxzUeuPkIfmZuzkLaMw2McQdvwwsNvQ0DzaLP30c1Xsm/7EIYJcOWpzlVJ 5QrdmE0/BbQyU3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2QGdtYWls LmNvbT6IegQTEQgAIgUCT2aqtAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQL3lW vF2gS12XMwD9HuRIolSwIK77u8EY461y2u6sbX36n5/uo/LDQuxoi3sA/0MvpnvzOhv9Iufv vsZEj3E7i3h+iD5648YMwfTFCij+uQINBE9mqaAQCADfZPMpjZkkGZj3BY/7ApoLq4mwqzbh +CpLXwNn20tFNvSXfb8RdeXvVEb7Scx+W9qYpiaun2iXJgCVH8fgpZpR856ulT1q6uCG++CX ubEvip/eJkZl93/84h04KQJwsgOrAh0Om3OePRn8Pr+++0LNS0EL8uX/YHeTOGOnnmTqYTey SBVFdov6L4mepddfjekicKQqhL7mZh/xuq29JijT0uNNX8v4vDWQDu5dlAcdd+uB3gcXMD/P ginD11zp+6wtrWCm/+yBqpvDwXQX5PGUnwvbRfl7Ay3MmwmoXiecZMg0dwTSc7e0lhB4HGRH ZdBMJB4rHUVGdzqujK/ctOvrAAMFB/0Utb76Qe6sCMlHxVAmeE/fbo7Pi05btZ/x01r67dHf aMSP0riCKJ7M0OW+jAXtu9+z/BVnYisW67WWfxl2cS5tZDgiHgJARXWUOO72+sScHP8KQmTl 1z16gyKbwY3SmyBkwcpOL35nhUWNLy93syPoY6sZUTikr2bZYukHDQ33XBPs4e6MbWKfsa9q aVmnlOF3k5UqChjutfHaEa4Q7VP4wBIpphHBi9MI16oJIzzBPbGl2uoedjwiZ6QeQZnSuOVY ZxU2d3lRA8PrtfFN1VSlpEm/VcAvtieHUYWHN0wOu+cp3Slr5XJVNjTjJhl28SlinMME54mK AGf2Ldr/dRwXiGEEGBEIAAkFAk9mqaACGwwACgkQL3lWvF2gS126EQD/VVd3FgjLKglClRQP zdfU847tqDK4zJjbmRv5vLLwoE0A+wbrQs7jVGU3NrS0AIl5vUmewpp2BKzSkepy23nWmejw Message-ID: Date: Fri, 28 Dec 2018 15:59:05 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.3.3 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] [RFC] [VOTE] FFI - Foreign Function Interface From: smalyshev@gmail.com (Stanislav Malyshev) Hi! I like the idea of having such an agile API in the language. But I am, like many others, somewhat worried about security implication of this extension. In theory, it does not give the attacker anything they don't already have - if you have PHP code access, you can probably execute anything on the server under PHP user, given enough work, regardless of the settings, more or less. In practice, however, "enough work" can be a very different thing - a difference between having to be a rather skilled low-level programmer with code exploitation background to find specific venues to circumvent PHP engine, and direct highlighted easy-to-use highway to accessing arbitrary memory and running arbitrary code. Again, it's not a security issue per se, especially given the default of ffi.enable=preload, but what if we have a bug that somehow allows to circumvent those? If this extension were not enabled by default and required explicit enabling action to build - that's fine, if you did it, we assume you know what you're doing enough to assume the risk. But if it's present and enabled by default in a common PHP build, I am concerned that we're creating a small stepstone making PHP systems easier to exploit. Again, it's not a security issue per se, and there are layers of that should prevent any problem - but that's the thing, security works in layers, and FFI would make it one layer weaker. If we said default build has it not compiled in (and would recommend distros to also ship it as a separate extension, requiring explicit action to install) then I'd be fully confident to vote yes for it. -- Stas Malyshev smalyshev@gmail.com