Newsgroups: php.internals
From: sesser@hardened-php.net (Stefan Esser)
To: Stanislav Malyshev, PHP internals
Date: Mon, 21 May 2007 08:33:00 +0200
Subject: Re: [PHP-DEV] Dismantling the lies...

> I don't imagine how one really could calculate maximum depth without
> solving the halting problem, so I must be missing something. I ask
> somebody who knows what these patches are to send me a link - if there
> were patches that do that automatically for any code I would very much
> like to see them.
> Adding the arbitrary - even configurable - limit doesn't seem to me the
> correct solution, since it has high potential to break application code

Maybe I was a bit unspecific. If I recall correctly Nuno had some patch (or was it someone else) that was keeping track of depth and maximum stack size and was deciding on the fly if another step deeper could crash. Of course you need some sane detection. Other languages like Python or Perl (I actually don't remember which one of the two is protected) have a stack depth protection, and live happily with it.

And the arbitrary limit argument. Well if you write portable PHP code you have an arbitrary limit anyway. IIRC on some Solaris Sparc systems the crash limit was at 800.

> understand, Hardened PHP patch has this protection disabled by default.

Hardened-PHP is no more. As a thank-you for my security work I was forbidden to carry the PHP tag in the name. But this is history and now Suhosin exists. And the only reason it is deactivated by default is that without knowing the system and code it is hard to detect a sane limit. I personally believe that 256 is enough for everyone. And even if you require a deeper limit Suhosin has a nice simulation mode that will not block deeper recursion, so that you can run the simulation mode on your development server for weeks and see if you ever violate the 256 depth.

Stefan Esser
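
Added example, not part of the original message and not Suhosin's or PHP's own code: a C sketch of a recursion depth guard with an enforcing mode and a log-only simulation mode of the kind the message describes. The depth_guard struct, its fields and the nest() workload are hypothetical names; 256 is the limit mentioned in the message.

```c
#include <stdio.h>

/* Hypothetical guard state (illustrative names, not Suhosin's). */
typedef struct {
    unsigned max_depth;   /* configured limit, e.g. 256 */
    int simulate;         /* 1 = count violations but never block */
    unsigned depth;       /* current nesting depth */
    unsigned high_water;  /* deepest level actually entered */
    unsigned violations;  /* entries attempted beyond max_depth */
} depth_guard;

/* Returns 1 if the call may go one level deeper, 0 if it is refused. */
static int guard_enter(depth_guard *g) {
    unsigned next = g->depth + 1;
    if (next > g->max_depth) {
        g->violations++;
        if (!g->simulate)
            return 0;             /* enforcing mode: refuse before descending */
    }
    g->depth = next;
    if (next > g->high_water)
        g->high_water = next;
    return 1;
}

static void guard_leave(depth_guard *g) { g->depth--; }

/* Constructed workload: recurse n levels deep.
 * Returns the number of levels reached, or -1 if the guard refused. */
static long nest(depth_guard *g, unsigned n) {
    long r = 1;
    if (!guard_enter(g))
        return -1;
    if (n > 1) {
        long inner = nest(g, n - 1);
        r = (inner < 0) ? -1 : inner + 1;
    }
    guard_leave(g);               /* always unwind, even on refusal below us */
    return r;
}

int main(void) {
    depth_guard enforce = {256, 0, 0, 0, 0};
    depth_guard sim     = {256, 1, 0, 0, 0};
    printf("enforce: result=%ld high_water=%u violations=%u\n",
           nest(&enforce, 300), enforce.high_water, enforce.violations);
    printf("simulate: result=%ld high_water=%u violations=%u\n",
           nest(&sim, 300), sim.high_water, sim.violations);
    return 0;
}
```

In simulation mode the high_water and violations counters are what you would review after a trial period to decide whether the configured limit is safe to enforce.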