Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:22574
Return-Path: <rasmus@lerdorf.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 81553 invoked by uid 1010); 25 Mar 2006 08:23:46 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 81538 invoked from network); 25 Mar 2006 08:23:46 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Mar 2006 08:23:46 -0000
X-Host-Fingerprint: 204.11.219.139 lerdorf.com Linux 2.4/2.6
Received: from ([204.11.219.139:58957] helo=colo.lerdorf.com)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id 5C/83-11806-21EF4244 for <internals@lists.php.net>; Sat, 25 Mar 2006 03:23:46 -0500
Received: from [192.168.200.106] (c-24-6-5-134.hsd1.ca.comcast.net [24.6.5.134])
	(authenticated bits=0)
	by colo.lerdorf.com (8.13.5/8.13.5/Debian-3) with ESMTP id k2P8NfCf018568
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Sat, 25 Mar 2006 00:23:42 -0800
Message-ID: <4424FE0D.1060600@lerdorf.com>
Date: Sat, 25 Mar 2006 00:23:41 -0800
User-Agent: Thunderbird 3.0a1 (Macintosh/20060320)
MIME-Version: 1.0
To: Sara Golemon <pollita@php.net>
CC: internals@lists.php.net
References: <000a01c64fbc$cef29c50$88051fac@OHRLVN4523SG>
In-Reply-To: <000a01c64fbc$cef29c50$88051fac@OHRLVN4523SG>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] open_basedir_for_include
From: rasmus@lerdorf.com (Rasmus Lerdorf)

Sara Golemon wrote:
> The PDM recommendation covering the removal of safe_mode included a note 
> on expanding the role of open_basedir.  To that end, I'd like to propose 
> introducing a new ini option: open_basedir_for_include which would allow 
> using include/require(_once) on an expanded set of directories than what 
> open_basedir would otherwise allow.
> 
> Since php_fopen_wrapper_for_zend() specifies STREAM_OPEN_FOR_INCLUDE, we 
> can catch this option in the plain_files wrapper and expand the 
> open_basedir check to allow specifying the alternate INI option (when 
> set of course). Obviously if this new option were left unset and the 
> regular open_basedir were set, we'd still use that for full BC.
> 
> If noone objects I'll add this functionality in between unicode related 
> patches in a week or so.

Sounds like a good idea to me.  A very handy use of open_basedir that is 
often overlooked is as a way to protect you from yourself.  That is, you 
define up front where you know your application should be reading and 
writing from and if you happen to make a mistake in your code it will 
act as a safety net.  Adding the ability to include files from common 
include directories without adding them to the list of real open_basedir 
directories makes this more useful.

-Rasmus