Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:105669
Return-Path: <php@bohwaz.net>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 75849 invoked from network); 11 May 2019 03:07:38 -0000
Received: from unknown (HELO mail.kd2.org) (91.121.181.110)
  by pb1.pair.com with SMTP; 11 May 2019 03:07:38 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bohwaz.net; s=mail;
	h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date; bh=TSwP5yQZ71nTg06dmc8OQz8FEuafxIgfOYATDu+F7TM=;
	b=oX8mn09i74ErXtCcpes/z/8Zb7MEKyAng4HVHGCsLAUmmXvJq+4PnLxUVlmgQ3EZQ/OJtVo3ycThlaIwB2L6JAW6NTykABUJZKcXQ7Xh90GMmci5UzgXBKtkHfjcsWn+vdinGAdrDsAkoQFwaLCRN0BNzmZ/konyfVsfvJv4a6U=;
Received: from 195.150.13.109.rev.sfr.net ([109.13.150.195] helo=platypus)
	by mail.kd2.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.84_2)
	(envelope-from <php@bohwaz.net>)
	id 1hPFcl-000739-PL; Sat, 11 May 2019 02:12:23 +0200
Date: Sat, 11 May 2019 02:12:17 +0200
To: Niklas Keller <me@kelunik.com>
Cc: PHP Internals <internals@lists.php.net>
Message-ID: <20190511021217.1aaac8f5@platypus>
In-Reply-To: <CANUQDCjV3ke8jFmeBEXOzEi5HLQiYwWmC2UUaoOP+t0JGRtg9Q@mail.gmail.com>
References: <CAF+90c-4-R4SYY_AAL679ZYBn2QAZTYAGXH6E6Bz1hYGN=MFcA@mail.gmail.com>
	<ea139574152ce7376946c8e2d45051df@bohwaz.net>
	<CANUQDCjV3ke8jFmeBEXOzEi5HLQiYwWmC2UUaoOP+t0JGRtg9Q@mail.gmail.com>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Authenticated-User: bwz@bohwaz.net
X-Authenticator: login
X-Invalid-HELO: HELO is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
X-Sender-Verify: SUCCEEDED (sender exists & accepts mail)
Subject: Re: [PHP-DEV] open_basedir?
From: php@bohwaz.net (BohwaZ)

On Fri, 10 May 2019 22:55:51 +0200 / Niklas Keller <me@kelunik.com>
said :

> That's exactly the reason why I'm for removing it. There will always
> be ways to circumvent open_basedir and setups like this are insecure.
> It gives a false sense of security. It's not better than nothing,
> because most hosting providers would opt for a real solution instead
> of leaving users entirely unprotected.

What's your solution then? I'll be more than happy to have anything
better that will work with thousands of users :)

Also I don't get the argument that because it isn't perfect it would
not be useful. It definitely is, as a security measure.

chroot isn't perfect either, but you might want to use it as well.

Same for disable_functions, sure there will be ways to go around it,
but it will still block 90% of attacks we might get. So, definitely not
the most reliable thing, but it adds a layer that may help.

I can pick the lock on my front door in about 10 minutes, a
professional probably much less. And you can enter by breaking a window.
But it is still effective as a security measure. And it would be silly
if someone would come and tell me that the lock should be removed
because it gives a false sense of security :)