Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:115368
Return-Path: <cmbecker69@gmx.de>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 64699 invoked from network); 8 Jul 2021 10:45:15 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 8 Jul 2021 10:45:15 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 96F571804D1
	for <internals@lists.php.net>; Thu,  8 Jul 2021 04:07:26 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,NICE_REPLY_A,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <cmbecker69@gmx.de>
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu,  8 Jul 2021 04:07:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
	s=badeba3b8450; t=1625742444;
	bh=DW1C3ZkWcJzRyEdFvbR128XzsLtUtqVg3SLpX2pthas=;
	h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To;
	b=cwDIcwQ9DEZda3bRa9i7y4HmV7E8HrfUcrSqIFvSvnjRdBpKDSUO+Ws14Js458vvi
	 m7DbnRyKd35CS9l1/esyL80CEtRMlXTzSBImpG4cptgWgzKFp44jSTvF2PnRTTd/K8
	 GPrpcNcCB43sMViVxeFrDR+phYElLMPdllWedtdQ=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.2.130] ([84.179.245.227]) by mail.gmx.net (mrgmx104
 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MEFzx-1lrr5S3JWn-00AFLd; Thu, 08
 Jul 2021 13:07:23 +0200
To: Nikita Popov <nikita.ppv@gmail.com>,
 PHP internals <internals@lists.php.net>
References: <CAF+90c-4-R4SYY_AAL679ZYBn2QAZTYAGXH6E6Bz1hYGN=MFcA@mail.gmail.com>
Message-ID: <5af05f50-cf90-c0f2-adb7-b70b57ca1186@gmx.de>
Date: Thu, 8 Jul 2021 13:07:23 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CAF+90c-4-R4SYY_AAL679ZYBn2QAZTYAGXH6E6Bz1hYGN=MFcA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:TSLMI4gW0Bb8YK7spLgpvYT4892LIzCLTK7+4GwdV/rkRD/Kg9Y
 o+UI8UvAKdZQOMux+JSI57Ph7CZfpS++IXPIldpUW9IDREdDTt2B3dozUC0iYiIhvrb8ow6
 POOrkxlrZZ1ajJZmYLShTre3wk/7K9jDy/p01z44gicZJEKmc0+ZM55DlFAKTE9sj3kKphB
 Ef/tMuWDTl8a3HGTXBmxA==
X-UI-Out-Filterresults: notjunk:1;V03:K0:Dz6UMpBftMY=:3YYMoDQ+hFmulea9O/B3km
 a9nk8v7sYBxBHsQLcHWApap+sybzW/qek1tVfaI5xV+E9eImkQyqxqC3uqY8o28raHNHKee4M
 huFUhBt1+/Zhd4ORpj9obzMqz3/AFGEXF4foo/MQJ2k5DDZJZjqmSl5vLlQAi59B+zhNWUxsp
 lBZfIGYBne3O9sM4j00cAzxSyUBoqiz9HU94i2Z5XgwCQy+1TPfUzsryc0KO/0b0yNnW1sim0
 7BGzdeQPtubQV1wNjVeYNVV13tEzt2+Un0eRerR77VcsjL+gGzuNbZEQ9rwOZrrbjcLbYljWC
 +hXKMeJ1VPdjHzHsES8Iyn0eJgZv1EOprdBSCAERdEY5bUl0gFThwnjM/GACO1R0MtBhDrK4Z
 U3L82WX04ci+YUh83tmArLtMgYnXIIbrnwVI0w0OHbzQP2eFI5+o+lo9FyYD0sj6IbqTaqn21
 S4QZbyEv9QPW0Q0gtSVGqbQXIpEDYAnwjAyyrdrhRtXdYm98HxOs3F4moIGB8IOBr2Ju56ID0
 X5rm4sWIkHeL26wg9m2tOEYU6zHn6x/rJMk4piCI47He3vQK5nCQQSOBeQo/AGfagxjcMdxEN
 Ypzf0tnu83sejfpyDkbLLVOgaAqPlnAsuNdM+DV1tuiiQdSEqzvd4yMeWNoKsoQDr8Bm/3qpf
 VKn/jsE3KPkufK5JwBWGoCVk9xUQ8Gr7cvUwDtwztcAEVvywDQDks6f2CYf4ovntgbMaMoilV
 WLXgTLO8kYTBmk4YPjWeJDk7/cuCEeAVM1bb+J5ugAtuemRMHUNlL3c8pSzvqCTWH31N9vWA7
 hC1QFHC1qavymoTdJDEn0Eal/h8CHIDjK9cZZ/ILuFHetAQ18PnmDOEOqcr88Qfg3fkeF7y3W
 gs1lzy2Ek1mbHWBF80DQPMmM3ztRZyh33dd+eWguM3JmCfd3wMyS4nfDCpYpS58L57VdiqtSh
 DXAquOOJMZa2S8IpKv/hSuu1K+Ny3bgwcsP6wmRFHwKsgrp9PcNuu5f1b8dv9A0jL55U8cZdr
 5efBKzi2OZ8AQb3El1c0UHqL2roTh25PnXUUQd4suI9RInQYxAmvZBM5O1fr1q9+Kzq0nWHN9
 5bY5wc5XUYJc3mO+PSsojKnbgW8aTySWn4/
Subject: Re: open_basedir?
From: cmbecker69@gmx.de ("Christoph M. Becker")

On 07.05.2019 at 12:11, Nikita Popov wrote:

> The open_basedir ini setting has two significant problems:
>
> 1. It is a major performance hit, because it disables the realpath cache=
.
>
> 2. Many people think it is a security feature and use it as such. Howeve=
r,
> open_basedir is in reality a "best effort" mechanism, with known
> workarounds and more regularly being found. Especially when it comes to
> interactions with 3rd party libraries, enforcing open_basedir is simply
> impossible.
>
> What open_basedir tries to do must be implemented on the operating syste=
m
> level to work reliably (and of course such mechanisms exist, such as jai=
ls,
> chroot and friends).
>
> I wonder if it is feasible to drop this ini setting? Enforcing this does=
n't
> really seem like any of PHP's business. If not, I think we need to at le=
ast
>
> a) make it clear in the documentation that this is *not* a security opti=
on
> and only exists to prevent "accidents" and
> b) update the security policy (https://wiki.php.net/security) to state t=
hat
> open_basedir bypasses are not security issues. I believe this has been p=
art
> of Debian's security policy for some time already.

Apparently, there has been no resolution for this issue so far.  While I
don't really care about the open_basdedir directive per se, I fully
agree that we should not advertize it as security feature, and to
clearly state this in the PHP manual, as well as in our security policy.

Christoph