Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:20302
Return-Path: <rasmus@lerdorf.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 56269 invoked by uid 1010); 24 Nov 2005 17:12:05 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 56254 invoked from network); 24 Nov 2005 17:12:05 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Nov 2005 17:12:05 -0000
X-Host-Fingerprint: 204.11.219.139 lerdorf.com Linux 2.4/2.6
Received: from ([204.11.219.139:43000] helo=colo.lerdorf.com)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id F7/AC-11378-464F5834 for <internals@lists.php.net>; Thu, 24 Nov 2005 12:12:05 -0500
Received: from [192.168.200.106] (c-24-6-5-134.hsd1.ca.comcast.net [24.6.5.134])
	(authenticated bits=0)
	by colo.lerdorf.com (8.13.5/8.13.5/Debian-3) with ESMTP id jAOHBsjN021166
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 24 Nov 2005 09:12:00 -0800
Message-ID: <4385F459.50108@lerdorf.com>
Date: Thu, 24 Nov 2005 09:11:53 -0800
User-Agent: Thunderbird 1.5 (Macintosh/20051025)
MIME-Version: 1.0
To: Peter Brodersen <penguin@php.net>
CC: internals@lists.php.net
References: <Pine.LNX.4.62.0511221852340.31280@localhost> <o4qbo1hsi1qnsj09smbak282ir661pi81l@4ax.com>
In-Reply-To: <o4qbo1hsi1qnsj09smbak282ir661pi81l@4ax.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: PDM Meeting Notes
From: rasmus@lerdorf.com (Rasmus Lerdorf)

Peter Brodersen wrote:
> On Tue, 22 Nov 2005 18:57:19 +0100 (CET), in php.internals
> derick@php.net (Derick Rethans) wrote:
> 
>> On 11 and 12 November a bunch of us had a developers meeting in Paris, 
>> discussing the things we want to do for PHP 6. Partly because of the 
>> Unicode support, but we also discussed the items on "Rasmus' wishlist" 
>> and a lot of other items. I made a report of the discussions we had and 
>> placed the notes here:
>>
>> http://php.net/~derick/meeting-notes.html
> 
> Very interesting - thanks for the details. It all sounds very
> promising.
> 
> Regarding safe_mode I agree that I'll never be any kind of magic
> wundertool. But as the docs also specify, many shared hosts currently
> "rely" on it (meaning they have setups where the users don't have
> shell opportunities or other ways of accessing each other's files).
> 
> I'm not looking for any near-safe_mode-substitution. I'm more
> concerned about the deployment of PHP6 at shared hosts.

These shared hosts really should be using open_basedir.  We have 
confused them by having both directives, and I see some even enable both 
safe_mode and open_basedir on top of each other which doesn't make much 
sense.  Shared hosts really should be setting an open_basedir on a 
per-vhost basis.  This will fix file uploads and a number of other 
issues and is every bit as safe (or unsafe depending on how you look at 
it) as safe_mode.

-Rasmus