Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:105606
Return-Path: <nikita.ppv@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 18093 invoked from network); 7 May 2019 13:07:28 -0000
Received: from unknown (HELO mail-lf1-f48.google.com) (209.85.167.48)
  by pb1.pair.com with SMTP; 7 May 2019 13:07:28 -0000
Received: by mail-lf1-f48.google.com with SMTP id v18so9195863lfi.1
        for <internals@lists.php.net>; Tue, 07 May 2019 03:11:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=zGMfxDqqOvZA82HcQ071Y9pV2o/OGd85mGwBdptRvwU=;
        b=db7KWDUQoUcmb9/8ryFBhwstzQ/N36v7zKoIeZC5CQBFQTNfSm1LeuLJts0BODkXHg
         77mYELYhT5TCQHjkS3P52bimzF3noebXPTUbj1k9BP+fAwg83dYz8RVPIZNQXyZAn8Al
         WS3JQTAy9AEWbJcagc9+qytMt7adTSXb2IzZKpwlhhnzsTxCKJpEZsfs4ZiEv1dhpdeZ
         SmqMqf4ihHIVCUCKYXn7f/Ik+C8MkgpAj8jZ3qYAWUrq3lAnvSWaXlQYdxtKxMcolXtH
         PQzycwj0BmTrXqit38Op+NR2lkKOKOG9kUIWJ5iyrT6+8RyRTenaCrZcbisPLIlJs9Tb
         OQuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=zGMfxDqqOvZA82HcQ071Y9pV2o/OGd85mGwBdptRvwU=;
        b=GSzl0+5DoaW5mjgHxMRTg6+M3yrWsJkPzwZ+Rqr8DMMLciF2+YepiW+HJi8wA2RQ25
         NXERyEBTa0fkHcTACJkLt8PphwsD87VMA+vhmXpTrmH3tlr92wG3+12GdmWNkGsBSEwx
         bRGNaEeSNNCasp4hgZd+TTRrBEgYXLB5JJL/j6HAk8E8M9CNDARsPItn/6FzaRdkRyjW
         vV9smigGWGZcrP5tK9nSsbl037XPLYAm51O/Mnan+USBxFlomKJ3WtYlIntJ86jeop2A
         Hl7w1n6vlY5eSBCgpCcmPVQLeGKCX18T1QDj+b7C56s06PI15rbM2bMWj5K1TXvYlKcN
         YL1g==
X-Gm-Message-State: APjAAAW1ID8+kxHCnclEZi5EM2XPIUZC8zlKRBl6scB3v4BUfHRZYhEN
	PoPdMCxm6VyKmd6Bs7KC9gtRx//7p4/yltYckpqk/Rg8sYU=
X-Google-Smtp-Source: APXvYqyXizhRwvpDfWT5VGAEDabOicOULbbx1bennoSy5QFPmW4eRdYRGKBVogLEm3C5eZ50wdYHkYwGbuSElit1p/c=
X-Received: by 2002:a19:1987:: with SMTP id 129mr17086646lfz.80.1557223879619;
 Tue, 07 May 2019 03:11:19 -0700 (PDT)
MIME-Version: 1.0
Date: Tue, 7 May 2019 12:11:03 +0200
Message-ID: <CAF+90c-4-R4SYY_AAL679ZYBn2QAZTYAGXH6E6Bz1hYGN=MFcA@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000002e4ad905884970ef"
Subject: open_basedir?
From: nikita.ppv@gmail.com (Nikita Popov)

--0000000000002e4ad905884970ef
Content-Type: text/plain; charset="UTF-8"

Hi internals,

The open_basedir ini setting has two significant problems:

1. It is a major performance hit, because it disables the realpath cache.

2. Many people think it is a security feature and use it as such. However,
open_basedir is in reality a "best effort" mechanism, with known
workarounds and more regularly being found. Especially when it comes to
interactions with 3rd party libraries, enforcing open_basedir is simply
impossible.

What open_basedir tries to do must be implemented on the operating system
level to work reliably (and of course such mechanisms exist, such as jails,
chroot and friends).

I wonder if it is feasible to drop this ini setting? Enforcing this doesn't
really seem like any of PHP's business. If not, I think we need to at least

a) make it clear in the documentation that this is *not* a security option
and only exists to prevent "accidents" and
b) update the security policy (https://wiki.php.net/security) to state that
open_basedir bypasses are not security issues. I believe this has been part
of Debian's security policy for some time already.

Regards,
Nikita

--0000000000002e4ad905884970ef--