Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:29366 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 34361 invoked by uid 1010); 8 May 2007 23:45:31 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 34346 invoked from network); 8 May 2007 23:45:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 8 May 2007 23:45:31 -0000 Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 63.205.162.114 as permitted sender) X-PHP-List-Original-Sender: stas@zend.com X-Host-Fingerprint: 63.205.162.114 unknown Windows 2000 SP4, XP SP1 Received: from [63.205.162.114] ([63.205.162.114:33953] helo=us-ex1.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 39/02-13859-A9B01464 for ; Tue, 08 May 2007 19:45:30 -0400 Received: from [127.0.0.1] ([192.168.16.109]) by us-ex1.zend.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 8 May 2007 16:45:28 -0700 Message-ID: <46410B95.3010606@zend.com> Date: Tue, 08 May 2007 16:45:25 -0700 Organization: Zend Technologies User-Agent: Thunderbird 2.0.0.0 (Windows/20070326) MIME-Version: 1.0 To: Gregory Beaver CC: internals@lists.php.net References: <139872287.20070504170744@marcus-boerger.de> <9DC00D11-00A5-40DB-A397-8454C48FA448@prohost.org> <1525138013.20070504193205@marcus-boerger.de> <463B70A1.4010505@zend.com> <463B7232.7000205@php.net> <463B8B36.5010906@zend.com> <1992195966.20070504214413@marcus-boerger.de> <463B9271.3040009@zend.com> <1348470081.20070504221609@marcus-boerger.de> <463EB3FD.4020009@zend.com> <1062653277.20070507092725@marcus-boerger.de> <463ED871.8080606@zend.com> <463F1B3A.3070703@pooteeweet.org> <463F74EA.7030704@zend.com> <1377895609.20070507211530@marcus-boerger.de> <463F8909.6000709@zend.com> <46406BE8.7020400@zend.com> <46410298.6000303@chiaraquartet.net> In-Reply-To: <46410298.6000303@chiaraquartet.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 08 May 2007 23:45:28.0072 (UTC) FILETIME=[F4DA5880:01C791CA] Subject: Re: [PHP-DEV] [RFC] Starting 5.3 From: stas@zend.com (Stanislav Malyshev) > The only solution that would allow userspace streams to function *and* > allow security would be to implement safe_mode 2.0: disable all remote No, that's not the only solution. Other solution would be stop trying to do what should be done on entirely other level and do it on the OS level, not try to make PHP what it is not - PHP is not built to securely limit the programmer and all attempts to do that eventually lead to the same problems safe_mode had. Or worse, if they break perfectly good code on the way. > that can possibly access the outside world, and disabling it. Otherwise > users will be able to circumvent all_url_fopen by writing a simple > stream wrapper that just downloads the crap and returns it as an $fp. I say if you don't want your users to contact outside world, buy a firewall. allow_url_include was intended to serve very specific purpose, to plug hole created by often-written stupid code. It's not a comprehensive security solution and was not intended to restrict the programmer. > I know the idea of a taint mode was sort of discarded (I think it was, Actually, AFAIK it wasn't :) > disappear in the name of the safety of preventing remote code execution > vulnerabilities. There would be no safety and no prevention, just plugging one way of thousands. IMHO it is pointless. -- Stanislav Malyshev, Zend Products Engineer stas@zend.com http://www.zend.com/