Newsgroups: php.internals
To: internals@lists.php.net
From: lester@lsces.uk (Lester Caine)
Subject: Re: [PHP-DEV] open_basedir?
Date: Sat, 11 May 2019 10:11:58 +0100
Message-ID: <3cc47019-c446-141c-0c96-4d5d1545230c@lsces.uk>
References: <20190511021217.1aaac8f5@platypus>

On 11/05/2019 08:53, Niklas Keller wrote:
>>> That's exactly the reason why I'm for removing it. There will always
>>> be ways to circumvent open_basedir and setups like this are insecure.
>>> It gives a false sense of security. It's not better than nothing,
>>> because most hosting providers would opt for a real solution instead
>>> of leaving users entirely unprotected.
>> What's your solution then? I'll be more than happy to have anything
>> better that will work with thousands of users:)
> Solutions that work at the OS level have been suggested in this
> thread. It's not my job figuring out a solution that works better for
> your business at scale.

Suggested, but that falls short of providing a solution for those users who may well not even be aware it is being used. When one hits a deprecation warning there should be a reasonable set of instructions to go with it offering an alternative.

It SHOULD also be recognised that many users will not actually have any control over the OS level and being able to wrap different applications running in one's own shared hosting to protect one's own operation IS one of the useful features open_basedir provides? Having to create different hosting accounts to achieve that seems somewhat insane?

https://uk.godaddy.com/help/can-i-use-open-basedir-on-my-server-running-parallels-plesk-panel-1619 is an example of one hosting provider's use of it and something which would probably require every host to rework their support crib sheets :(

--
Lester Caine - G8HFL
-----------------------------
Contact - https://lsces.uk/wiki/Contact
L.S.Caine Electronic Services - https://lsces.uk
Model Engineers Digital Workshop - https://medw.co.uk
Rainbow Digital Media - https://rainbowdigitalmedia.co.uk