Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:105636 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 49845 invoked from network); 8 May 2019 07:45:14 -0000 Received: from unknown (HELO mo4-p00-ob.smtp.rzone.de) (85.215.255.25) by pb1.pair.com with SMTP; 8 May 2019 07:45:14 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1557290957; s=strato-dkim-0002; d=kelunik.com; h=Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=7jdnf2qag3NJfWprptDKSD5mBbs3herhTDg5nNxt8H0=; b=J7e+Z5xSrznl2IG8G/BICJvgCUlohJ0zPLZMz67aea/jY/vO5/EVu8MEoCyK8wLRYu Zkxehr8wWQX+FsUaElkGA9Ci3op+ZjyNjmmSsQadhsQ20Edaxs1UWW4yEAnqhE8g/nec l5XkqCMCg7MNQJ8vevstEpeNP4n3sBniWJQbwDKb3NcLQZQd0dSyXG+GW52Rh5Wfhuqn yvekj3QBQlwJh5q16R7D9IGBwZvglKbqq/jeVB/3+Wz67U3Wu1kLWYGQJHcfycGOB+CV NaPcO5/1tGe76mM59z7wVyBt++keh2D6IVFWPM7vvgmxutmTVApwOCJk8yH/J3uLMgZ0 ioKA== X-RZG-AUTH: ":IWkkfkWkbvHsXQGmRYmUo9mlsGbEv0XHBzMIJSS+jKTzde5mDb8AaBYcZiAlcA==" X-RZG-CLASS-ID: mo00 Received: from mail-pf1-f179.google.com by smtp.strato.de (RZmta 44.18 AUTH) with ESMTPSA id D06319v484nH5MM (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for ; Wed, 8 May 2019 06:49:17 +0200 (CEST) Received: by mail-pf1-f179.google.com with SMTP id z26so9829795pfg.6 for ; Tue, 07 May 2019 21:49:17 -0700 (PDT) X-Gm-Message-State: APjAAAWNBcSCtwiiog1TQd43GDQH41U67IRyOiqaBiCzvaK+hrd5TKa8 /fAM6TWP7cl51vpHB+ZfAZStU/F7J0w52bkH0IE= X-Google-Smtp-Source: APXvYqx8fthEGB5J8RStiMsKOVtF/aDlPeLi8Wyh3z3FzmvhfsF6RLMGeEGgDPXu5MVDV0LZt2eM2E0D7/Gk7YbfqzU= X-Received: by 2002:a65:5c8c:: with SMTP id a12mr44430938pgt.452.1557290956744; Tue, 07 May 2019 21:49:16 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Wed, 8 May 2019 06:49:05 +0200 X-Gmail-Original-Message-ID: Message-ID: To: Nikita Popov Cc: PHP internals Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] open_basedir? From: me@kelunik.com (Niklas Keller) Am Di., 7. Mai 2019 um 12:11 Uhr schrieb Nikita Popov : > > Hi internals, > > The open_basedir ini setting has two significant problems: > > 1. It is a major performance hit, because it disables the realpath cache. > > 2. Many people think it is a security feature and use it as such. However, > open_basedir is in reality a "best effort" mechanism, with known > workarounds and more regularly being found. Especially when it comes to > interactions with 3rd party libraries, enforcing open_basedir is simply > impossible. > > What open_basedir tries to do must be implemented on the operating system > level to work reliably (and of course such mechanisms exist, such as jails, > chroot and friends). > > I wonder if it is feasible to drop this ini setting? Enforcing this doesn't > really seem like any of PHP's business. If not, I think we need to at least > > a) make it clear in the documentation that this is *not* a security option > and only exists to prevent "accidents" and > b) update the security policy (https://wiki.php.net/security) to state that > open_basedir bypasses are not security issues. I believe this has been part > of Debian's security policy for some time already. > > Regards, > Nikita Hi Nikita, I'm probably in favor of removing it. If it is used for unit tests to check file access outside some directory, we could maybe allow it to be set by code only but not by php.ini? If we decide to remove it in PHP 8, we should probably trigger a fatal startup error in case it is configured in php.ini to prevent loosing the protection entirely for people relying on it. Regards, Niklas