Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27493
Return-Path: <greg@chiaraquartet.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 46945 invoked by uid 1010); 17 Jan 2007 01:16:36 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 46930 invoked from network); 17 Jan 2007 01:16:36 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Jan 2007 01:16:36 -0000
Authentication-Results: pb1.pair.com header.from=greg@chiaraquartet.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=greg@chiaraquartet.net; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain chiaraquartet.net from 66.79.163.178 cause and error)
X-PHP-List-Original-Sender: greg@chiaraquartet.net
X-Host-Fingerprint: 66.79.163.178 bluga.net Linux 2.5 (sometimes 2.4) (4)
Received: from [66.79.163.178] ([66.79.163.178:40984] helo=mail.bluga.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B1/95-05231-1F87DA54 for <internals@lists.php.net>; Tue, 16 Jan 2007 20:16:34 -0500
Received: from mail.bluga.net (mail.bluga.net [127.0.0.1])
	by mail.bluga.net (Postfix) with ESMTP id B51EE8748D;
	Tue, 16 Jan 2007 17:13:00 -0800 (PST)
Received: from [192.168.0.106] (CPE-24-169-242-149.neb.res.rr.com [24.169.242.149])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.bluga.net (Postfix) with ESMTP id C78348735C;
	Tue, 16 Jan 2007 17:12:59 -0800 (PST)
Message-ID: <45AD76BF.6050305@chiaraquartet.net>
Date: Tue, 16 Jan 2007 19:07:11 -0600
User-Agent: Thunderbird 1.5.0.9 (X11/20070104)
MIME-Version: 1.0
To: Stanislav Malyshev <stas@zend.com>
CC: Stefan Esser <sesser@hardened-php.net>, 
 Marcus Boerger <helly@php.net>,
 "internals@lists.php.net" <internals@lists.php.net>
References: <F1076B95-2D05-4690-AE84-21FC0552F17A@ch2o.info> <45A8FC49.7050909@hardened-php.net> <45A90809.3050008@lerdorf.com> <45A91002.8020607@hardened-php.net> <526994769.20070113181330@marcus-boerger.de> <Pine.LNX.4.64.0701141301180.32133@mail.zend.com> <45AA116F.7020109@hardened-php.net> <Pine.LNX.4.64.0701141436460.16363@mail.zend.com> <45AA961D.4090401@php.net> <45AD416E.4020502@zend.com>
In-Reply-To: <45AD416E.4020502@zend.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: Re: [PHP-DEV] Comments on PHP security
From: greg@chiaraquartet.net (Gregory Beaver)

Stanislav Malyshev wrote:
>> In my opinion, it would be a pity to lose the design benefits of stream
>> wrappers in the effort to gain more security when security can be gained
>> without losing the benefits.  I think it would be good to allow
>> disabling all urls as Stefan suggested, but if there is a way to
>> restrict to truly local stream wrappers, I would need to be educated as
>> to how this is less secure than outright disabling urls.
>
> The problem is, for user streams you can't be sure they are truly
> local - user stream can do anything, including accessing any URLs,
> without the streams layer having any say in that. They only way to
> ensure that user stream is local is for the stream wrapper author to
> write it local, which we can't control. 

Hi,

Actually, the solution I was envisioning would not allow any access to
fsockopen() or other remote streams access things inside a user stream
wrapper.

Perhaps a patch would better illustrate what I'm talking about, so when
I get a chance, I'll give it a try.

Greg