Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27509
Return-Path: <stas@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 63022 invoked by uid 1010); 17 Jan 2007 19:19:02 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 63007 invoked from network); 17 Jan 2007 19:19:02 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Jan 2007 19:19:02 -0000
Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender)
X-PHP-List-Original-Sender: stas@zend.com
X-Host-Fingerprint: 212.25.124.162 mail.zend.com Linux 2.5 (sometimes 2.4) (4)
Received: from [212.25.124.162] ([212.25.124.162:26982] helo=mail.zend.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id CA/18-11755-4A67EA54 for <internals@lists.php.net>; Wed, 17 Jan 2007 14:19:02 -0500
Received: (qmail 14559 invoked from network); 17 Jan 2007 19:17:20 -0000
Received: from stas-laptop.zend.office (HELO ?127.0.0.1?) (192.168.16.126)
  by internal.zend.office with SMTP; 17 Jan 2007 19:17:20 -0000
Message-ID: <45AE769A.7040008@zend.com>
Date: Wed, 17 Jan 2007 11:18:50 -0800
Organization: Zend Technologies
User-Agent: Thunderbird 2.0b1 (Windows/20061206)
MIME-Version: 1.0
To: Arnold Daniels <info@adaniels.nl>
CC: Alain Williams <addw@phcomp.co.uk>, Greg Beaver <cellog@php.net>, 
 Stefan Esser <sesser@hardened-php.net>,
 Marcus Boerger <helly@php.net>, 
 "internals@lists.php.net" <internals@lists.php.net>
References: <F1076B95-2D05-4690-AE84-21FC0552F17A@ch2o.info> <45A8FC49.7050909@hardened-php.net> <45A90809.3050008@lerdorf.com> <45A91002.8020607@hardened-php.net> <526994769.20070113181330@marcus-boerger.de> <Pine.LNX.4.64.0701141301180.32133@mail.zend.com> <45AA116F.7020109@hardened-php.net> <Pine.LNX.4.64.0701141436460.16363@mail.zend.com> <45AA961D.4090401@php.net> <45AD63A1.2040206@adaniels.nl> <20070117084600.GA19933@mint.phcomp.co.uk> <45AE62FE.2040805@zend.com> <45AE748D.5060803@adaniels.nl>
In-Reply-To: <45AE748D.5060803@adaniels.nl>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Comments on PHP security
From: stas@zend.com (Stanislav Malyshev)

> Which functions am I forgetting?

All using php_stream_open*. I see 38 files in the php source tree using 
this function. You probably would have to go to each of them and change 
each instance to support your flag. That's the safe mode story again - 
you plug 90% quickly and then spend forever trying to plug the rest.

-- 
Stanislav Malyshev, Zend Products Engineer
stas@zend.com  http://www.zend.com/