Newsgroups: php.internals
To: derick@php.net (Derick Rethans)
Cc: internals@lists.php.net
Date: Thu, 24 Nov 2005 17:43:56 +0100
Subject: Re: PDM Meeting Notes
From: penguin@php.net (Peter Brodersen)

On Tue, 22 Nov 2005 18:57:19 +0100 (CET), in php.internals derick@php.net (Derick Rethans) wrote:

>On 11 and 12 November a bunch of us had a developers meeting in Paris,
>discussing the things we want to do for PHP 6. Partly because of the
>Unicode support, but we also discussed the items on "Rasmus' wishlist"
>and a lot of other items. I made a report of the discussions we had and
>placed the notes here:
>
>http://php.net/~derick/meeting-notes.html

Very interesting - thanks for the details.
It all sounds very promising.

Regarding safe_mode I agree that it'll never be any kind of magic wundertool. But as the docs also specify, many shared hosts currently "rely" on it (meaning they have setups where the users don't have shell opportunities or other ways of accessing each other's files).

I'm not looking for any near-safe_mode-substitution. I'm more concerned about the deployment of PHP6 at shared hosts. Since PHP6 has a bunch of different changes and requires a lot of information, I think an effort should be put into creating a "best practices" document for these kinds of setups. Something like enabling open_basedir and disabling exec-functions (popen, exec, shell_exec, passthru...). Maybe a new setting to disable all of these types of functions together - I don't think it is a pretty solution to e.g. blacklist about six specific functions and hoping that this list is static.

Furthermore, and just a thought: would it be possible to have an option when compiling an Apache module of setting the open_basedir value to the same as the virtual host's DOCUMENT_ROOT? I think deployment could be much easier this way.

(oh yeah, and I really hope glob() results would be passed through open_basedir checks... furthermore I want a pony!)

--
- Peter Brodersen
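
The two settings suggested in the message above, turned into a configuration audit; this is an added example, not part of the original post or of PHP itself. It assumes mod_php virtual hosts that set open_basedir through php_admin_value; the function names, the sample configuration, and the inclusion of system and proc_open in the list are assumptions.

```python
import re
from pathlib import PurePosixPath

# The four functions named in the message; system and proc_open are added
# here as an assumption about what "these types of functions" covers.
EXEC_FUNCTIONS = {"popen", "exec", "shell_exec", "passthru", "system", "proc_open"}

def missing_exec_blocks(php_ini):
    """Return exec-type functions that disable_functions does not list."""
    disabled = set()
    for line in php_ini.splitlines():
        m = re.match(r"\s*disable_functions\s*=\s*(.*)", line)
        if m:
            disabled = {f.strip(' "') for f in m.group(1).split(",")}
    return EXEC_FUNCTIONS - disabled

def audit_vhosts(httpd_conf):
    """Map ServerName -> 'ok', 'missing' or 'outside' for open_basedir."""
    findings = {}
    blocks = re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", httpd_conf, re.S | re.I)
    for block in blocks:
        def directive(pattern):
            m = re.search(r"^\s*" + pattern + r"\s+\"?([^\"\s]+)", block, re.M | re.I)
            return m.group(1) if m else None
        name = directive("ServerName") or "(unnamed)"
        root = directive("DocumentRoot")
        base = directive(r"php_admin_value\s+open_basedir")
        if not root or not base:
            findings[name] = "missing"  # DocumentRoot or open_basedir absent
            continue
        root_path = PurePosixPath(root)
        # open_basedir may hold several ':'-separated paths; each must be the
        # DocumentRoot itself or a directory below it.
        inside = all(PurePosixPath(p) == root_path or root_path in PurePosixPath(p).parents
                     for p in base.split(":"))
        findings[name] = "ok" if inside else "outside"
    return findings

# Constructed sample input, not taken from any real host.
SAMPLE_INI = "disable_functions = popen, exec, shell_exec, passthru\n"
SAMPLE_HTTPD = """
<VirtualHost *:80>
    ServerName alice.example
    DocumentRoot /var/www/alice
    php_admin_value open_basedir /var/www/alice
</VirtualHost>
<VirtualHost *:80>
    ServerName bob.example
    DocumentRoot /var/www/bob
</VirtualHost>
<VirtualHost *:80>
    ServerName carol.example
    DocumentRoot /var/www/carol
    php_admin_value open_basedir /var/www
</VirtualHost>
"""
```

On the sample, the four-function blacklist leaves system and proc_open callable, which is the "hoping that this list is static" problem the message raises, and carol.example's open_basedir of /var/www exposes the other tenants' directories.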