Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:124815 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 445831A00B7 for ; Tue, 6 Aug 2024 19:12:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1722971670; bh=eyg9XUwnGusUBLxVtH7WPRPjUT68UJxdkbhpLRXqM+4=; h=Date:Subject:To:References:From:In-Reply-To:From; b=Mu16Gz+WTszX1tooZz3WSSsWijCTzs/Q0Wu9aQgIQIcX3j9Av84QChboleZ9yGf6K Ez2ziscCmZgKou0DPrGSPZbbqWsosdJy77q8vBbZrLCP5dktf8As+r7AuZv644NVVf DVqH/mHwQWYNTkrjQGX3DKhbZPUDSL5X7/ha9u0guLExPQ8Upld13CCsr8+qctqKBi RypPT1YTfACvJR09z3vcXOCtx+qbVkPZZN3ysZc0Qc2/x17vnxd+cBIEkhg1vOFSIk zScRC5K2+Ftur13iyuNj+FGqGEIN5slettmSXcnkeQw/xDWhD2URSDeeWOl4H3Ws+4 loy4dz78o0K6Q== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id F38961801DD for ; Tue, 6 Aug 2024 19:14:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 6 Aug 2024 19:14:26 +0000 (UTC) Received: by mail-wr1-f54.google.com with SMTP id ffacd0b85a97d-369cb9f086aso644039f8f.0 for ; Tue, 06 Aug 2024 12:12:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722971563; x=1723576363; darn=lists.php.net; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date:message-id:reply-to; bh=k51vyCU5D15T4KzLkeMW8652+Be1yF3aEoJ4gshcGBw=; b=X8gQoiyZL7wWzHyrVwghHA2N9bvjQWS+SdkmmnvOXpD5vE91wijGz3ceNUO1btUtTZ dxYAWXLUJ8Q1+B1ZoysZYwvtkznYhAs2RitYQKP8TK2LuwJ92qE/UO7ADOXrDVn/J+Dm QEbvlJCzzX8jb5QOSaOfAXUlvNWB9xKJjXALkPi/yaZ3SRARazZcLW2Yk9MlS6n0EPV2 yar0S5xGlbmFO0ueGK9sn4ESpqLwxyY1isCEZCrPdvtqS+9gZQKzOkhYHVJaqSaQQDQ2 QZ6dUveaof6JPH5H3+tnUP/15LbTWWrDGMS+UoObwoNCnXYlWeqAFNJQJufM4wEMSeXX afhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722971563; x=1723576363; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=k51vyCU5D15T4KzLkeMW8652+Be1yF3aEoJ4gshcGBw=; b=UaNZT9z1MF6Q7OL8ivoNGjK/8Duf/1H1r65V6bxMK5ZHoyb0osd8+5mr2ArZ29cr9W 0aE5uA0HCjjEKeJwcX6/lu2skiPFbbAKPFnT+PaaLTdO+2tptbcn6r5jhCBya5NcQ7pW O6gXX6nSWBrKbJnAA/YHZXSBKlMlBAmqqb6ZkprpFDpfm+CcAuDzkXNTFrDAgODagRAL IqVGKqvOOd88qD5v2scK2lcXWyS7vjbuTUbpen1u3TQEjvkV7Myj8ZX6TszL5VYyiKdy EtphQmOFeDXqIOS/P9N8lNBdXd8UyhjtO0hpqvQifQL3Odyh94b77No2ExM7nc7K1UTH n8Ug== X-Gm-Message-State: AOJu0YySQ3+BQzA4uMXWstIKYPA4Qs3ShLRcYrIYcDjIx41g9Uvu0Din 1fxG6mNadA3hUncVv/AEp3aIEEZyfpk4iIYdzCtcc6feikF3+NOVSiX/w0tY X-Google-Smtp-Source: AGHT+IGMpjfpj2yQKN+UDy/2BC3xjOYfoyvJ3CcjTuK+s+hl220O3uU1z3nADe97JBLxRlfuTYB3yA== X-Received: by 2002:adf:eacd:0:b0:367:9d2c:9602 with SMTP id ffacd0b85a97d-36bbc194267mr11844881f8f.49.1722971563039; Tue, 06 Aug 2024 12:12:43 -0700 (PDT) Received: from [192.168.0.104] (178-117-134-240.access.telenet.be. [178.117.134.240]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36bbcf1e97esm13627960f8f.37.2024.08.06.12.12.42 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 06 Aug 2024 12:12:42 -0700 (PDT) Message-ID: <7b881961-e8bf-4a81-96f7-798968d10098@gmail.com> Date: Tue, 6 Aug 2024 21:13:56 +0200 Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PHP-DEV] [Discussion] Sandbox API To: internals@lists.php.net References: <7d9a9752-a202-4099-a60a-2686d4265d96@gmail.com> Content-Language: en-US In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: dossche.niels@gmail.com (Niels Dossche) On 06/08/2024 21:05, Rob Landers wrote: > Hey Niels, > > I find this assertion kind of scary from a shared hosting perspective or even from a 3v4l kind of perspective. How do these services protect themselves if php is inherently insecure? > > — Rob Hi Rob I'm not a sysadmin guy or anything like that, so I don't know how shared hosting stacks looks like in practice. But containers, chroot jails, seccomp-bpf, ... can offer protection. And you should be doing those things anyway (as a matter of defense-in-depth) if you're offering servers running untrusted code. Kind regards Niels