Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:124823
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id 9C7301A00B7
	for <internals@lists.php.net>; Wed,  7 Aug 2024 12:49:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1723035085; bh=LugIPTu6+xPIEQGjri1XzwlDPbbN11CE/wkI0bc7z6E=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=iDkuYERvIyKesFf4I69hhhzUP/KJxE00gkeN5fTwBowN4IUWkH00CBUnqwZIy8wPz
	 0EorK9/DfcqamKoLbxSij5/9YCldnaVm9nvMyQwCMR4QBqoVOc+CfgYGrsSLoyMZ5h
	 gAXwBuSWpxogaEZnIeXHJdzS5hIYmvdGgkbq+5bam/p0ngMYPj1j8U222XUSjJDA4e
	 Hqs+YIUY/bUOn3vcB2qnKUcVrCvbvLZda7lLwXiweK1v/bBDEdLhmAowX2//rbwAUQ
	 BjxqMo85ykzqCoFxRm/ofmfsmpi1IrjRAa8Y50J+kprjt9Uj+DP7TMoW3jXyGs+F1q
	 Jh/kB8rk/A8bw==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id BD38618006D
	for <internals@lists.php.net>; Wed,  7 Aug 2024 12:51:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM,
	HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <pierre.php@gmail.com>
Received: from mail-oa1-f53.google.com (mail-oa1-f53.google.com [209.85.160.53])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed,  7 Aug 2024 12:51:24 +0000 (UTC)
Received: by mail-oa1-f53.google.com with SMTP id 586e51a60fabf-260f863108fso941825fac.1
        for <internals@lists.php.net>; Wed, 07 Aug 2024 05:49:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1723034981; x=1723639781; darn=lists.php.net;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=NCcDtZPrbTb+a7tjYMwKRW3syNpuGYFonTqiR0oceqU=;
        b=W+npUwqQ/8vQELTdRUtz8FZF8HBNE8BrH6uz9I8IwFFgbqzi82GPapcIGgCQcdAHH+
         OxxROIpqkPjcvZ3584Cs4VAqd+FfbeakS54cH0Kc7OLEqc1uVLzO4MYJ0AyzZ2kboqCb
         Vm0ZM3u8WLwnccL8CNwJ98qUXlyugTrUvNdlFC70ptyJ2OlLV5oghdyUoDopAMCU/kAp
         oBRw0rnzPjks7KfcR7uJ/9BM/TEGKy1YfxOukr+kFFyn3FJeNVrDrLuVlKdT16cQbatr
         Xiho1JJe9+LwTt545aJXKTD5iaA+WRzYA4KKtvbIvZImuXRT0dmjqoJrwESg2IcORV2A
         DlAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723034981; x=1723639781;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=NCcDtZPrbTb+a7tjYMwKRW3syNpuGYFonTqiR0oceqU=;
        b=meU2Kb8u2KvyWKdMrNnofWQe9PuHDUEbKXXYrw1iiRRNdDQnv19V8uKdIyNHSP9U2R
         JirIzBHDh/ibHPXCekb4MojaMgHvcrMUtNEb5OnPFyrXndjoTJQd5qOq4xecG035GL34
         ZxDlUbDwTTawzwVv+4gn1LzzYw4SI0GcA5UtWvW5zSnH794N3ALWgXT/PKj+KfT4sYOy
         TeQmLeHrZ81U1KaEz4Ttf1dflEHp57KP9isZ30Ckbbps20DbVANVAjIkyXWwuhNpBqy8
         E2SdA0eMKrotxSa5kAiktzXTOxgDEjCApOxQ6icHDbwYJLcF4CI2VBWJUYmLH7cMzddP
         /6sw==
X-Gm-Message-State: AOJu0YyrYHrQML4cTH4mK1qjnPCc/eY8bQEOYreRa33IXQeXXJOyTBFq
	FIl13czkglTr1AonKbialZe4icgjvqIYIHqR9eZaZmHn9NRLFG1cNBbP7QOisD/9FO5Z6Yu3lEo
	FEH35CG09uXhRsBJTFhvMa98V/qsl7miW
X-Google-Smtp-Source: AGHT+IFTFD0x1HQ/ZNaWWIIRIQeJnCJ5It0rd4bJoevuhwRjIuPdxvfUasU6OS8k5t8HIHXRbpT35KR6kc+JrIA3nsM=
X-Received: by 2002:a05:6870:171e:b0:254:8afa:6914 with SMTP id
 586e51a60fabf-26891e92991mr21784721fac.34.1723034981396; Wed, 07 Aug 2024
 05:49:41 -0700 (PDT)
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
x-ms-reactions: disallow
MIME-Version: 1.0
References: <e08f6af322dcc5b4e4dd5e772f28be07ffa07ba4.camel@ageofdream.com>
 <c510eb675bd0038efbbe5489bebd42ff7438e967.camel@ageofdream.com>
 <7d9a9752-a202-4099-a60a-2686d4265d96@gmail.com> <ffc9c850-06f1-4937-be55-b9e2cc614dfb@app.fastmail.com>
 <d39df742995d29e7db245891c517f0e2b68b041a.camel@ageofdream.com>
In-Reply-To: <d39df742995d29e7db245891c517f0e2b68b041a.camel@ageofdream.com>
Date: Wed, 7 Aug 2024 19:49:30 +0700
Message-ID: <CAEZPtU6c5j=6KRrZQssPg4TDC2Udc8j8uK338ucgUtQVaUdrrA@mail.gmail.com>
Subject: Re: [PHP-DEV] [Discussion] Sandbox API
To: Nick Lockheart <lists@ageofdream.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000007d9f061f17585a"
From: pierre.php@gmail.com (Pierre Joye)

--000000000000007d9f061f17585a
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 7, 2024, 7:13=E2=80=AFPM Nick Lockheart <lists@ageofdream.com> =
wrote:

>
>
>
> So I was thinking about this a bit more and I thought, what if instead
> of adding a sandbox as a feature of PHP, what if PHP *was* the sandbox.
>
> So consider this:
>
> What if the PHP engine added a C API that lets C/C++ programs not only
> spin up and run PHP, but those C/C++ programs could also control and
> monitor the execution of the PHP environment from the outside.
>


Something similar is done in things like frankenphp (go/caddi/own sapi) or
nativephp (desktop app, afair rust/tauri).

Not the same goal, same starting point.

But I would stay away to replace, or improve, OS security with my own
things. Totally possible but it is the kind of worms can I don't look
forward to open  :)

>

--000000000000007d9f061f17585a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div><br><br><div class=3D"gmail_quote"><div dir=3D"ltr" =
class=3D"gmail_attr">On Wed, Aug 7, 2024, 7:13=E2=80=AFPM Nick Lockheart &l=
t;<a href=3D"mailto:lists@ageofdream.com">lists@ageofdream.com</a>&gt; wrot=
e:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex"><br><br>
<br>
So I was thinking about this a bit more and I thought, what if instead<br>
of adding a sandbox as a feature of PHP, what if PHP *was* the sandbox.<br>
<br>
So consider this:<br>
<br>
What if the PHP engine added a C API that lets C/C++ programs not only<br>
spin up and run PHP, but those C/C++ programs could also control and<br>
monitor the execution of the PHP environment from the outside.<br></blockqu=
ote></div></div><div dir=3D"auto"><br></div><div dir=3D"auto"><br></div><di=
v dir=3D"auto">Something similar is done in things like frankenphp (go/cadd=
i/own sapi) or nativephp (desktop app, afair rust/tauri).</div><div dir=3D"=
auto"><br></div><div dir=3D"auto">Not the same goal, same starting point.</=
div><div dir=3D"auto"><br></div><div dir=3D"auto">But I would stay away to =
replace, or improve, OS security with my own things. Totally possible but i=
t is the kind of worms can I don&#39;t look forward to open=C2=A0 :)</div><=
div dir=3D"auto"><div class=3D"gmail_quote"><blockquote class=3D"gmail_quot=
e" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
</blockquote></div></div></div>

--000000000000007d9f061f17585a--