Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:107760
Return-Path: <krakjoe@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 3745 invoked from network); 5 Nov 2019 12:04:17 -0000
Received: from unknown (HELO php-smtp3.php.net) (208.43.231.12)
  by pb1.pair.com with SMTP; 5 Nov 2019 12:04:17 -0000
Received: from php-smtp3.php.net (localhost [127.0.0.1])
	by php-smtp3.php.net (Postfix) with ESMTP id 3CEA62CFE68
	for <internals@lists.php.net>; Tue,  5 Nov 2019 01:53:40 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp3.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,DATE_IN_PAST_24_48,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=no autolearn_force=no
	version=3.4.2
X-Spam-ASN: AS3215 2.6.0.0/16
X-Spam-Virus: Error (Cannot connect to unix socket
	'/var/run/clamav/clamd.ctl': connect: Connection refused)
Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp3.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue,  5 Nov 2019 01:53:39 -0800 (PST)
Received: by mail-pf1-x42f.google.com with SMTP id d13so14857526pfq.2
        for <internals@lists.php.net>; Tue, 05 Nov 2019 01:53:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=2XhznVPEko8kVUaACVm9KyZBkUXIGkMV8Hi5TXJCN+0=;
        b=roS1ogotu4zI/iRqRrJwqKTFY1QqRm6y8kOYGC7lcitQ0jetyPhDjJbl7QT8J37S0o
         2oeQExA481B4IjUhewbKS2PtMzDUsEQ25k5B8OhE+y1oXmrV5sGZZ4gv1EyYov5qPuoy
         i1I7/kxfOEOCFVMRqz9WdaDm/933g+aiGYfbKuK+DaTSxWMBFRICRuNqKRgZtiOsRTv5
         jysxATh96Me2XCRTWLtpUB/QrJ8e/7QMDNOWIjFKpdmSnDGlwvkNr7VvfA7SVssSgysq
         ueGtL6yBbRhQxzWiNngq76lz943bBHFEM+axepzneZEf3emUfFg9KgK60AfIAIfzqAl9
         h+mA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=2XhznVPEko8kVUaACVm9KyZBkUXIGkMV8Hi5TXJCN+0=;
        b=tY6zVp777SCmLykcSNg/1+IEukVqeoOmx46WUe9K4wsGRgLuuKOyHOIrj9Wun6a3HH
         4n+W5SIMKnv4h2oaYcoUN74PmwdJZaw0iJ7hMhFmj3fxNQMa3FGCqe7GgQyRs5cjXyRq
         1I5JaWSt1xFNeL6EA6f3ZndmmiFuK5SJqDec2Y8XbmpwGblv8t60NRn4/WhusFuQ8uNv
         o7Jscy7fUT77hvzhbWYqkPF9CT2QUcHZ8rLJ/qMx9ABW0dD/wk5x8rZ9ayZZlTWYeCr/
         JSDuJn7wvE3O3iwZJvXeTEdCVQfcWUd1wRHCoM5SW4Vb4tIt+drs80eTMn/6oxo9wov5
         UoPA==
X-Gm-Message-State: APjAAAUl/vEeL1nOGPmhkKbNx5Vr0ucwZ4rQbuQdDh8aD7M3dUt02a+i
	xSiXpSZuvmz/KjWo9fJ7mGflkIKsi2l+nww68Fq1MP3A8as=
X-Google-Smtp-Source: APXvYqxaaeD48Vq52gGJr/JnGsSKeebXxcJey6TULWf+4xjSky0kpV67P/mE+jI5636gUf+87/IZxmebLeWJIINhzTU=
X-Received: by 2002:a1f:acd0:: with SMTP id v199mr10919251vke.5.1572856391424;
 Mon, 04 Nov 2019 00:33:11 -0800 (PST)
MIME-Version: 1.0
References: <CAOwTYAsyi1ahiRBaWcqs5HEiRCNfVQz3MirTB0Qu39v2ivz6ng@mail.gmail.com>
 <7fc5347c-a634-0b68-8b2b-95be6f7d2ce4@gmx.de>
In-Reply-To: <7fc5347c-a634-0b68-8b2b-95be6f7d2ce4@gmx.de>
Date: Mon, 4 Nov 2019 09:33:00 +0100
Message-ID: <CAOwTYAuFU-sF59bjbyLPXHoFmjh1tjb-uL=HToMSskEt9Po=AA@mail.gmail.com>
To: "Christoph M. Becker" <cmbecker69@gmx.de>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000007e61720596812a54"
X-Envelope-From: <krakjoe@gmail.com>
Subject: Re: FFI & Security
From: krakjoe@gmail.com (Joe Watkins)

--0000000000007e61720596812a54
Content-Type: text/plain; charset="UTF-8"

Morning internals,

Sorry about the delay, this has now been updated.

> There was an unexpected problem communicating with SMTP: Unexpected
return code - Expected: 250, Got: 451 | 451 4.3.0 Error: queue file write
error

Because infrastructure ...

Cheers
Joe

On Wed, 30 Oct 2019 at 12:41, Christoph M. Becker <cmbecker69@gmx.de> wrote:

> On 14.10.2019 at 09:44, Joe Watkins wrote:
>
> > Recently we voted on classification criteria for security bugs [1], we
> > include under "not an issue" any issue that "requires invocation of
> > specific code, which may be valid but is obviously malicious".
> >
> > I would like to add an explicit clause under the "not an issue" section
> for
> > anything related to FFI.
> >
> > It hardly seems worth it to run an RFC, although I'll be happy too if
> there
> > is a single dissenting voice.
> >
> > If there are no objections, I'll modify the document 7 days from today
> > (Monday 21st October).
> >
> > Cheers
> > Joe
> >
> > [1] https://wiki.php.net/security
>
> What is the status here?  It seems the security classification document
> has not yet been updated.
>
> Cheers,
> Christoph
>

--0000000000007e61720596812a54--