Newsgroups: php.internals
From: dusk@woofle.net (Dusk)
To: David CARLIER
Cc: PHP internals
Subject: Re: [PHP-DEV] pcntl_exec update proposal
Date: Mon, 8 Jul 2024 15:11:52 -0700

On Jul 8, 2024, at 14:12, David CARLIER wrote:

> Through this existing PR, I wanted to know how would appeal to you adding some access restriction upon this existing call, using the open basedir check. So if the sysadmin wants the php user having no business calling `/bin` commands for example would do that, bringing a bit more of the former suhosin "spirit" here.

open_basedir is usually used in conjunction with the disable_functions directive to disable all functions which execute external commands, including pcntl_exec(). It's largely ineffective if the user can execute external commands, as those commands are not themselves restricted by open_basedir. (For instance, if PHP is allowed to execute /bin/cat, that can be used to read any file; if it can execute /bin/sh, that can execute any other command.) Additionally, if there *are* PHP installations which set open_basedir but do allow pcntl_exec(), this change would introduce a major incompatibility by disallowing all commands.

If your goal is to restrict what external commands can be executed by a PHP script, any solution would need to be applied to all functions which can execute shell commands - exec(), shell_exec(), system(), passthru(), proc_open(), shell_exec(), popen(), not just pcntl_exec(). Keep in mind that some of these functions take a string as input which is parsed by the shell; implementing path-based restrictions may be very difficult to do in a general fashion.
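
The pairing of open_basedir with disable_functions described in the message above can be checked on a deployed PHP installation. The script below is an added example, not code from the thread or from php-src; the helper names (`parse_disabled`, `exec_functions_enabled`, `audit`) and the sample directive values are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): flag configurations where open_basedir
// is set but command-execution functions are still callable.
declare(strict_types=1);

// The functions named in the message above.
const EXEC_FUNCTIONS = ['exec', 'shell_exec', 'system', 'passthru',
                        'proc_open', 'popen', 'pcntl_exec'];

/** Parse a disable_functions value (comma-separated) into lower-case names. */
function parse_disabled(string $directive): array
{
    $names = array_map(fn(string $f): string => strtolower(trim($f)),
                       explode(',', $directive));
    return array_values(array_filter($names, fn(string $f): bool => $f !== ''));
}

/**
 * Return the exec functions left enabled. $available is the set that exists
 * in this build (pcntl_exec, for example, needs the pcntl extension).
 */
function exec_functions_enabled(string $disableFunctions, array $available): array
{
    return array_values(array_diff($available, parse_disabled($disableFunctions)));
}

/** Return a finding string, or null when the pairing is consistent. */
function audit(string $openBasedir, string $disableFunctions, array $available): ?string
{
    $enabled = exec_functions_enabled($disableFunctions, $available);
    if ($openBasedir === '' || $enabled === []) {
        return null;
    }
    return "open_basedir={$openBasedir} does not confine child processes; "
         . 'still callable: ' . implode(', ', $enabled);
}

// 1) Constructed sample values: open_basedir set, only two functions disabled.
echo audit('/var/www/app', 'exec, system', EXEC_FUNCTIONS) ?? 'ok', PHP_EOL;

// 2) The running configuration. function_exists() drops functions whose
//    extension is not loaded (and, on PHP 8+, disabled ones as well).
$available = array_values(array_filter(EXEC_FUNCTIONS, 'function_exists'));
echo audit((string) ini_get('open_basedir'),
           (string) ini_get('disable_functions'), $available) ?? 'ok', PHP_EOL;
```

Run it under the same SAPI and php.ini as the application being audited, since the CLI often loads a different configuration than the web server.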