Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:117137 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 94130 invoked from network); 25 Feb 2022 10:51:48 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 25 Feb 2022 10:51:48 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 50427180381 for ; Fri, 25 Feb 2022 04:12:01 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 25 Feb 2022 04:12:00 -0800 (PST) Received: by mail-yb1-f178.google.com with SMTP id u12so5442655ybd.7 for ; Fri, 25 Feb 2022 04:12:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dtqPFPsQDWu4pygP3RJCuDTyAU1Fx0cN/BfGtKccBa4=; b=HpfpT8151HBx0sXOFsX44JyaedanWAe/PY00U6JUcjej9vl8y1fOFcv+aJAlhqgbcV ONpH7KglD6Jtod1s3IMAO/0lBr6ZHFXAjWB0SpmbvhYqq5KS2Eypd8MlEVMZ6ySnGnj5 coowJs0H7LJku0WiIVAR8NLZR1/PRaeOdoRy69HF4Vkzj8z9eMF5D9DiJ/JGjPwLYwT6 bwTKAjf6P4l5ZSTNIJFGtdx723Uc+Q69DRkNu1VTOq57LqiJcVJt+lrKCEi9smZrZGW/ /pN11+43yokucZZWObgCIjeWh22oxwLJANetYEWe8J1nbokO9fUmxSExtXbZ31dmJ4c8 eCrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dtqPFPsQDWu4pygP3RJCuDTyAU1Fx0cN/BfGtKccBa4=; b=1P5m7pPqM+JgXbORwJje4qlMpysLAXvJoJP6VryjmfetkN3wrjtljCUKN1knycFT9c W0kuy3v4byY9d8GnsVOS0jFWHPWDk87870zo2qf3GLD3IsA+4bIdhigQ3Fn5fW+qgmi8 XuQZuDRNj6fU50u+08yVvTnciaDmU0gnA/As4RfVggdlNtOijduqGt+qnTB0udLF7kL5 za79AAkfXD1doSpjlkiYd63gc5VKnayxKqpMUxdGKFMmDSIJp5xe8Meyjaoy50f3NTIb 0ErG8BsOyumSg77UImqhJvPfXmDBTULPp4fZCzmHhF/BCqhQEeSN/SSB7Bud3Fk5MW+r yQBw== X-Gm-Message-State: AOAM531Mn16KFlD+fmytJgoTiLT1hz68TsxfBn2PmFilOKfD+ufvnNMa EIJWS7/s6PXVgHaB7zcJfGVsrbGuSgR/UaNQJQ== X-Google-Smtp-Source: ABdhPJx9Gefvc9CouEfFc83KDVrT2X1BFQCVO0xvnZGms9unGDezaGwPr+GGfEp017JXeR/tJagr7AlAxzqP0OUBpRE= X-Received: by 2002:a25:8911:0:b0:61e:1c66:17b0 with SMTP id e17-20020a258911000000b0061e1c6617b0mr7126766ybl.354.1645791120333; Fri, 25 Feb 2022 04:12:00 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Fri, 25 Feb 2022 13:11:50 +0100 Message-ID: To: =?UTF-8?Q?Tim_D=C3=BCsterhus=2C_WoltLab_GmbH?= Cc: PHP internals Content-Type: multipart/alternative; boundary="0000000000001a1e7b05d8d69b87" Subject: Re: [PHP-DEV] SensitiveParameterValue serialization behavior From: guilliam.xavier@gmail.com (Guilliam Xavier) --0000000000001a1e7b05d8d69b87 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Feb 24, 2022 at 3:11 PM Tim D=C3=BCsterhus, WoltLab GmbH < duesterhus@woltlab.com> wrote: > Hi Internals! > > during code review of the "Redacting parameters in back traces" RFC [1] > an issue with the proposed serialization behavior of > SensitiveParameterValue objects became apparent that was not noticed > before the RFC went into voting: > > The RFC proposed that serialization was allowed, but without including > the inner value in the serialization data: > > public function __serialize(): array { return []; } > > As this operation is lossy, it was proposed that unserialization fails > and this is what was implemented in the PoC patch: > > public function __unserialize(array $data): void { > throw new \Exception('...'); > } > > The decision to allow serialization was to allow existing error handlers > to work without needing to special case SensitiveParameterValue. However > it is clearly not useful, if unserialization does not work after all. > Any error during unserialization is not recoverable. > > Please find the thread in the GitHub PR at: > > https://github.com/php/php-src/pull/7921#discussion_r813743903 > > As per Ilija Tovilo's suggestion I'm looping in the Internals list as wel= l. > > I see two possible options to remediate this issue: > > ------- > > 1. Disallow both serialization and unserialization. > > This will make the serialization issue very obvious, but will require > adjustments to exception handlers that serialize the stack traces. > > 2. Allow unserialization, but poison the unserialized object and > disallow calling ->getValue() on it. > > This would be closer to the original intent of the RFC, but moves the > issue just somewhere else: The object would not be usable either way. > > ------- > > What would be your preferred option? Feel free to either reply on the > list or add to the discussion on GitHub. > > Thanks! > > [1] https://wiki.php.net/rfc/redact_parameters_in_back_traces > Hi Tim, I would prefer option 2 (if possible), to avoid potentially breaking existing code. Calls to ->getValue() will be in new code written specifically for SensitiveParameterValue anyway, and can be wrapped into try-catch, I think? Best regards, --=20 Guilliam Xavier --0000000000001a1e7b05d8d69b87--