Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:22587
Return-Path: <penguin@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 69868 invoked by uid 1010); 26 Mar 2006 19:15:04 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 69853 invoked from network); 26 Mar 2006 19:15:04 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 26 Mar 2006 19:15:04 -0000
X-Host-Fingerprint: 213.237.67.135 213.237.67.135.adsl.by.worldonline.dk Linux 2.4/2.6
Received: from ([213.237.67.135:29006] helo=mail.ter.dk)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id BF/B1-37235-638E6244 for <internals@lists.php.net>; Sun, 26 Mar 2006 14:15:03 -0500
Received: from workpenguin (workpenguin [192.168.1.32])
	by mail.ter.dk (Kaffemaskine) with SMTP id A41358A4003;
	Sun, 26 Mar 2006 21:14:58 +0200 (CEST)
To: ilia@prohost.org (Ilia Alshanetsky)
Cc: internals@lists.php.net
Date: Sun, 26 Mar 2006 21:14:45 +0200
Message-ID: <79pd22tae8eoi3i9g409mlc8io5gfv1c3c@4ax.com>
References: <000a01c64fbc$cef29c50$88051fac@OHRLVN4523SG> <44257520.6070304@prohost.org> <4425761D.4020300@lerdorf.com> <44257764.4060406@prohost.org> <442577EF.2000908@lerdorf.com> <44257A8C.8020408@prohost.org> <7qjd221uk4tcgqlmfb9vmopmnmc3cfn3p8@4ax.com> <4426D2A1.7030109@prohost.org>
In-Reply-To: <4426D2A1.7030109@prohost.org>
X-Mailer: Forte Agent 1.91/32.564
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] open_basedir_for_include
From: penguin@php.net (Peter Brodersen)

Hi,

On Sun, 26 Mar 2006 12:42:57 -0500, in php.internals ilia@prohost.org
(Ilia Alshanetsky) wrote:

>If you don't trust your users to execute external commands, which is=20
>perfectly valid concern, PHP provides you with a way (disable_functions)=
=20
>  INI setting to restrict the functionality.

I have earlier tried to ask for some "best practice" (e.g.
<20051125105959.9876.PENGUIN@php.net> ). Honestly I don't think
requiring admins with untrusted users (all web host companies) to
maintain their own lists would be practical.

Would you be able to easily compile that list of functions that should
be included in the disabled_functions setting? It wouldn't be enough
to just look at the functions mentioned at http://php.net/exec - you
might miss other functions such as popen().

Unless I have missed part of the documentation the best page to look
at for compiling the list of "dangerous"/exec related functions is
http://php.net/manual/en/features.safe-mode.functions.php . Maybe this
is just a documentation issue, but I believe the ability of disabling
all exec functions in one easy way is pretty important for a bunch of
administrators out there.=20

=46urthermore, this behaviour would be vulnerable to new exec-functions
requiring a lot of maintenance for end users.

At least Rasmus mentioned that he would appreciate being reminded of
this feature (of keeping an internal list of exec functions and still
use safe_mode_exec_dir - possibly under a more describing name)

--=20
- Peter Brodersen