Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:16992 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 99721 invoked by uid 1010); 29 Jun 2005 06:14:40 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 99706 invoked from network); 29 Jun 2005 06:14:40 -0000 Received: from unknown (HELO crynwr.com) (127.0.0.1) by localhost with SMTP; 29 Jun 2005 06:14:40 -0000 X-Host-Fingerprint: 192.203.178.14 ns1.crynwr.com Linux 2.0.3x (1) Received: from ([192.203.178.14:1260] helo=ns1.crynwr.com) by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP id 1B/6F-00424-F4C32C24 for ; Wed, 29 Jun 2005 02:14:40 -0400 Received: (qmail 32224 invoked from network); 29 Jun 2005 06:09:11 -0000 Received: from dpc6745223014.direcpc.com (HELO desk.crynwr.com) (67.45.223.14) by pdam.crynwr.com with SMTP; 29 Jun 2005 06:09:11 -0000 Received: (qmail 4821 invoked by uid 500); 29 Jun 2005 06:08:34 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dog; d=crynwr.com; b=i8qvZu4hIxO51UnRSW+cZP1FeJ7gal03FhDL91OcFYvEYNvIAaQWzsMhE2rY5d03 ; MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Message-ID: <17090.15074.92337.224192@desk.crynwr.com> Date: Wed, 29 Jun 2005 02:08:34 -0400 To: internals@lists.php.net In-Reply-To: <30bd802405062822091191c8fc@mail.gmail.com> References: <42BDDC82.6020208@ohgaki.net> <17088.52397.92440.326561@desk.crynwr.com> <42C0CF76.6090203@lerdorf.com> <42C0F4DA.4000605@php.net> <17089.18702.450236.614561@desk.crynwr.com> <1119998580.13690.109.camel@localhost> <17089.63833.772427.529013@desk.crynwr.com> <42C1FF2A.4000006@fission.org.uk> <17090.9316.148303.68882@desk.crynwr.com> <30bd802405062822091191c8fc@mail.gmail.com> X-Mailer: VM 7.17 under 21.4 (patch 17) "Jumbo Shrimp" XEmacs Lucid Subject: Re: [PHP-DEV] allow_url_fopen should be INI_ALL From: nelson@crynwr.com (Russell Nelson) Nicolas B=C3=A9rard Nault writes: > If a programmer is not capable of controlling an user input, You are making a mistake here. You are assuming that the user realized that 'include' is really 'includeremotesecurityhole'. Consider the security implications of a user 'include'ing a file that doesn't exist (because the attacker used a different filename). Pretty small. They would be akin to what happens when you specify an .html file that doesn't exist. Generates an error; no big deal. Do you see? Your assumption proves my point: that the naive user doesn't see any sharp edges on 'include' and doesn't worry about it. > I think if a programmer can't read a manual page about a so common > function, he deserves what he has. If 'strchr' caused your CPU's fan to stop turning, should 1) a work-around be documented, or 2) the code fixed? If a bug in libjpeg allows a url_fopened image to contain invalid data that elevates privilege, should that be 1) a work-around be documented, or 2) the code fixed? If the design of 'include' allows remote users to execute hostile code, should that be 1) a work-around be documented, or 2) the code fixed? > Are you suggesting that virtually _any_ function should be > protected against stupidity ? If people do stupid things with a computer, is it their fault or the computer's fault? Personally, I always think it's the computer's fault. So, yes, if people end up doing stupid things, it is because the computer is wrong. --=20 --My blog is at blog.russnelson.com | If you want to find Crynwr sells support for free software | PGPok | injustice in economic= 521 Pleasant Valley Rd. | +1 315-323-1241 | affairs, look for the= Potsdam, NY 13676-3213 | | hand of a legislator.=