Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27430
Return-Path: <rasmus@lerdorf.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 58536 invoked by uid 1010); 13 Jan 2007 17:26:33 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 58521 invoked from network); 13 Jan 2007 17:26:33 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 13 Jan 2007 17:26:33 -0000
Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain lerdorf.com from 204.11.219.139 cause and error)
X-PHP-List-Original-Sender: rasmus@lerdorf.com
X-Host-Fingerprint: 204.11.219.139 lerdorf.com Linux 2.5 (sometimes 2.4) (4)
Received: from [204.11.219.139] ([204.11.219.139:38679] helo=lerdorf.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 95/41-47651-84619A54 for <internals@lists.php.net>; Sat, 13 Jan 2007 12:26:33 -0500
Received: from [192.168.200.104] (c-67-169-43-97.hsd1.ca.comcast.net [67.169.43.97])
	(authenticated bits=0)
	by lerdorf.com (8.13.8/8.13.8/Debian-3) with ESMTP id l0DHQ9Yh029768
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Sat, 13 Jan 2007 09:26:22 -0800
Message-ID: <45A91629.1080404@lerdorf.com>
Date: Sat, 13 Jan 2007 09:26:01 -0800
User-Agent: Thunderbird 1.5.0.9 (Macintosh/20061207)
MIME-Version: 1.0
To: Ilia Alshanetsky <ilia@prohost.org>
CC: Marcus Boerger <helly@php.net>, Stefan Esser <sesser@hardened-php.net>,
        "internals@lists.php.net" <internals@lists.php.net>
References: <F1076B95-2D05-4690-AE84-21FC0552F17A@ch2o.info> <45A8FC49.7050909@hardened-php.net> <45A90809.3050008@lerdorf.com> <45A91002.8020607@hardened-php.net> <526994769.20070113181330@marcus-boerger.de> <C9C07D55-09C8-4E9E-82C6-F8B3FE5F7BFB@prohost.org>
In-Reply-To: <C9C07D55-09C8-4E9E-82C6-F8B3FE5F7BFB@prohost.org>
X-Enigmail-Version: 0.94.1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Comments on PHP security
From: rasmus@lerdorf.com (Rasmus Lerdorf)

I thought we also decided to default user streams to be marked as
insecure with some mechanism for overriding it.

-Rasmus

Ilia Alshanetsky wrote:
> Marcus,
> 
> You want to use an INI setting to specify which streams are local and
> which are remote? That seems like a recipe for disaster to me, people
> adjusting this setting many not consider some streams that are remote
> etc... leading to security holes. There is really no reason why PHP
> could not effectively use flags internally to identify the difference
> between the two sources of streams. Ultimately it'll always fall to the
> extension writer, same as with open_basedir, which author can choose to
> bypass if they so choose to.
> 
> The main issue here is I think is that is_url flag is new and there are
> many extensions providing remote wrapper that have been written prior to
> its addition and therefor do not have a proper setting in place, which
> may have been added in a hurry to solve a compilation failure.
> 
> On 13-Jan-07, at 12:13 PM, Marcus Boerger wrote:
> 
>> Hello Stefan,
>>
>>   i also think something should be done here. The is_url flag does not
>> really help. What we imho need is an ini setting that allows specifying
>> which stream handlers to allow. And that should not include user streams.
>>
>> best regards
>> marcus
> 
> Ilia Alshanetsky
> 
> 
>