Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:16959 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 62415 invoked by uid 1010); 28 Jun 2005 12:49:24 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 62400 invoked from network); 28 Jun 2005 12:49:24 -0000 Received: from unknown (HELO crynwr.com) (127.0.0.1) by localhost with SMTP; 28 Jun 2005 12:49:24 -0000 X-Host-Fingerprint: 192.203.178.14 ns1.crynwr.com Linux 2.0.3x (1) Received: from ([192.203.178.14:1270] helo=ns1.crynwr.com) by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP id 08/92-00424-35741C24 for ; Tue, 28 Jun 2005 08:49:24 -0400 Received: (qmail 16928 invoked from network); 28 Jun 2005 12:49:19 -0000 Received: from dpc6745223014.direcpc.com (HELO desk.crynwr.com) (67.45.223.14) by pdam.crynwr.com with SMTP; 28 Jun 2005 12:49:19 -0000 Received: (qmail 30876 invoked by uid 500); 28 Jun 2005 12:48:42 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dog; d=crynwr.com; b=aTjsL2BDgWDj9sNcT0pM/ieM1qZP7661a9Ixdt2quHHusl/2wuKcvHzSNJkGcOOF ; MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17089.18217.834908.85193@desk.crynwr.com> Date: Tue, 28 Jun 2005 08:48:41 -0400 To: internals@lists.php.net In-Reply-To: <42C0CF76.6090203@lerdorf.com> References: <42BDDC82.6020208@ohgaki.net> <17088.52397.92440.326561@desk.crynwr.com> <42C0CF76.6090203@lerdorf.com> X-Mailer: VM 7.17 under 21.4 (patch 17) "Jumbo Shrimp" XEmacs Lucid Subject: Re: [PHP-DEV] allow_url_fopen should be INI_ALL From: nelson@crynwr.com (Russell Nelson) Rasmus Lerdorf writes: > How is this any different from > > include "../../../../../etc/passwd"; That doesn't let you execute hostile content with local privs. > There are a lot of places where unfiltered user input can cause some > rather severe problems. I agree! And yet .... there is plenty of evidence that *include* among all the language intrinsics is a problem. 'system' has obvious sharp edges. 'include' does not. I'm asking you to make the sharp edges obvious or else blunt them. Renaming 'include' to 'includeremotesecurityhole' is one way. Removing the URL fopening ability from 'include' and adding a new intrinsic called 'includeremote' would do it too. By the way, remember the 'Open Source' logo contest that you ran for us? We printed it up on t-shirts for FISL 6.0 a month ago. I'll be happy to send you one if you want. Specify yellow, black, or black long-sleeved. -- --My blog is at blog.russnelson.com | If you want to find Crynwr sells support for free software | PGPok | injustice in economic 521 Pleasant Valley Rd. | +1 315-323-1241 | affairs, look for the Potsdam, NY 13676-3213 | | hand of a legislator.