Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:26996 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 2656 invoked by uid 1010); 15 Dec 2006 23:17:57 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 2641 invoked from network); 15 Dec 2006 23:17:57 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Dec 2006 23:17:57 -0000 Authentication-Results: pb1.pair.com header.from=iliaal@gmail.com; sender-id=pass; domainkeys=good Authentication-Results: pb1.pair.com smtp.mail=iliaal@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 66.249.82.229 as permitted sender) DomainKey-Status: good X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01 X-PHP-List-Original-Sender: iliaal@gmail.com X-Host-Fingerprint: 66.249.82.229 wx-out-0506.google.com Linux 2.4/2.6 Received: from [66.249.82.229] ([66.249.82.229:52036] helo=wx-out-0506.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 1B/14-10210-20D23854 for ; Fri, 15 Dec 2006 18:17:57 -0500 Received: by wx-out-0506.google.com with SMTP id i27so862935wxd for ; Fri, 15 Dec 2006 15:17:20 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer:sender; b=LEN/txN9OuuYiKx7GcocmbDWW01jtquKk0RpVvnt1lgrof/6wuFWDiY4/br5CnfvlAFa4s+Many5U8TXARMlcQSM3aA2iaE2jf38n2QjUzv3XWPoZaD8F9V2bKh97HbafWvk49WEW9Fty3d2JtbEUkhfFV2BO10RhfyUZxcpe1w= Received: by 10.70.113.13 with SMTP id l13mr2012003wxc.1166224640139; Fri, 15 Dec 2006 15:17:20 -0800 (PST) Received: from ?192.168.1.5? ( [74.108.69.82]) by mx.google.com with ESMTP id h34sm5379078wxd.2006.12.15.15.17.19; Fri, 15 Dec 2006 15:17:19 -0800 (PST) In-Reply-To: <45832B9B.2080109@zend.com> References: <20061215201448.B16D8BC1AB@spike.porcupine.org> <7AE00699-23C2-4759-A50C-3D94199DA85A@prohost.org> <45831090.1000704@zend.com> <18A7CF93-7BFD-4764-847D-6C107A62875E@prohost.org> <45831A87.6050301@zend.com> <45832B9B.2080109@zend.com> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-ID: <8BC86061-CCC5-45C3-8C40-92B06ADBB117@prohost.org> Cc: Wietse Venema , PHP internals Content-Transfer-Encoding: 7bit Date: Fri, 15 Dec 2006 18:17:16 -0500 To: Stanislav Malyshev X-Mailer: Apple Mail (2.752.3) Sender: Ilia Alshanetsky Subject: Re: [PHP-DEV] Run-time taint support proposal From: ilia@prohost.org (Ilia Alshanetsky) On 15-Dec-06, at 6:11 PM, Stanislav Malyshev wrote: >> All it means is extra work for developers with little or no >> tangible benefits. I also wonder how taint will work with the >> standard remove/add > > Security is benefit. Of course, the developers that are sure they > write secure code anyway need not be bothered by tainting and can > leave it off forever. So you claim that without taint mode it is not possible to write safe PHP code? > >> The job of a language is to provide tools, not arbitrary crippling >> limitation under the guise of security improvement. > > I agree. Tainting is one of such tools, aimed at improving security. Tainting is a false security it makes you feel secure, when you aren't. First its off in production and that's where all the hacks appear, it will have holes due to unforeseen function usage, dynamic variables, false untainting etc... >> safe_mode sounded like a really reasonable idea too, I would've >> hoped some lessons from past mistakes could be made. > > I do not see what exactly you propose to learn from safe mode > mistakes - that we should never try to improve PHP security by > providing language level tools? I do not see how this can be > derived from whatever was wrong with safe mode. It may be that the > tainting would not catch but I do not think safe mode problems > should prevent us from even trying. Good luck, I suppose on a base level it is entertaining seeing someone bang their head against the wall time and time again. Ilia Alshanetsky