Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:13597
Return-Path: <derick@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 93625 invoked by uid 1010); 29 Oct 2004 16:55:24 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 93586 invoked from network); 29 Oct 2004 16:55:24 -0000
Received: from unknown (HELO jdi.jdimedia.nl) (212.204.192.51)
  by pb1.pair.com with SMTP; 29 Oct 2004 16:55:24 -0000
Received: from localhost (localhost [127.0.0.1])
	by jdi.jdimedia.nl (8.12.11/8.12.11) with ESMTP id i9TGtNw6016707
	for <internals@lists.php.net>; Fri, 29 Oct 2004 18:55:23 +0200
Received: from localhost (localhost [127.0.0.1])
	by jdi.jdimedia.nl (8.12.11/8.12.11) with ESMTP id i9TGt6O2016679;
	Fri, 29 Oct 2004 18:55:06 +0200
Date: Fri, 29 Oct 2004 18:55:06 +0200 (CEST)
X-X-Sender: derick@localhost
To: Adam Maccabee Trachtenberg <adam@trachtenberg.com>
cc: Klaus Reimer <k-php-dev@ailis.de>, internals@lists.php.net
In-Reply-To: <Pine.LNX.4.58.0410291120310.17719@miranda.org>
Message-ID: <Pine.LNX.4.58.0410291854560.5274@localhost>
References: <41811956.4050405@caedmon.net>  <20041029105149.3b150c7d.tony2001@phpclub.net>
 <24e5f3b704102901044714577f@mail.gmail.com> <4182029F.2040700@ailis.de>
 <Pine.LNX.4.58.0410291120310.17719@miranda.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new at jdimedia.nl
Subject: Re: [PHP-DEV] curl_init() is bypassing safe_mode & open_basedir
 restrictions
From: derick@php.net (Derick Rethans)

On Fri, 29 Oct 2004, Adam Maccabee Trachtenberg wrote:

> On Fri, 29 Oct 2004, Klaus Reimer wrote:
>
> > Sterling Hughes wrote:
> > > no....  curl does not need to respect php's safemode, adding such
> > > checks at this level is wrong.  people who compile curl, can do so
> > > without local file access, and this will solve their problem.
> >
> > What about people who use precompiled packages like the Debian packages?
> > They don't have a "special" Curl for PHP. The curl debian package will
> > never "disable" file-support just because it breaks a feature of PHP. So
> > Debian users can't use safemode then if they need the curl extension and
> > if they don't want (or don't know how) to compile the stuff.
>
> Safe mode is for people who are running shared servers and want to
> wall off areas. If you're doing this, you should be willing and able
> to configure programs if necessary. I don't mind making ISP sys admins
> configure cURL with a special flag, nor do I think it's too onerous a burden.


Exactly!

Derick

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org