Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:31926
Return-Path: <judas.iscariote@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 40830 invoked by uid 1010); 27 Aug 2007 06:07:49 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 40815 invoked from network); 27 Aug 2007 06:07:49 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Aug 2007 06:07:49 -0000
Authentication-Results: pb1.pair.com header.from=judas.iscariote@gmail.com; sender-id=pass; domainkeys=bad
Authentication-Results: pb1.pair.com smtp.mail=judas.iscariote@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 64.233.162.230 as permitted sender)
DomainKey-Status: bad
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: judas.iscariote@gmail.com
X-Host-Fingerprint: 64.233.162.230 nz-out-0506.google.com  
Received: from [64.233.162.230] ([64.233.162.230:18272] helo=nz-out-0506.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 53/65-23538-33A62D64 for <internals@lists.php.net>; Mon, 27 Aug 2007 02:07:48 -0400
Received: by nz-out-0506.google.com with SMTP id x7so978301nzc
        for <internals@lists.php.net>; Sun, 26 Aug 2007 23:07:45 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=eYfPkXKZoaxBvEZi/xYhj+wA0F+Ewkd3ORvkEQElwbopb1nyQQUVql5iLq6/CdTotIJkbHKMf3ObXK6fcjzh+uePQXWSxUw6wLoAARGvnzCcyXWuVdjQnIwULSplgl5gcMZKD3oJvwsyVdG730UUzJqJMSR4vXpz7vERX7h8IyM=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=BiGieWezFkj4WeqSrV726uFVVy7qR0YlmMc5gvLofzIT05gYP6zE6VKVa6gTlpdWtjL7x6WU4spRyzlSFSFxh/dPYfswdt65A+02kK1upa65Jkna3unW7UCEiMZuuPdHFXr0rvzAo3khPyG23nqVTcMBVXRLqnPNZwbtx8SfrwQ=
Received: by 10.142.171.6 with SMTP id t6mr310448wfe.1188194863725;
        Sun, 26 Aug 2007 23:07:43 -0700 (PDT)
Received: by 10.142.84.16 with HTTP; Sun, 26 Aug 2007 23:07:43 -0700 (PDT)
Message-ID: <7d5a202f0708262307m5c3a3030m8b8f91dd76c9c136@mail.gmail.com>
Date: Mon, 27 Aug 2007 02:07:43 -0400
To: internals@lists.php.net
In-Reply-To: <20070827024804.GS16782@arvo.suso.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20070826193146.GQ16782@arvo.suso.org> <46D1ED8A.2060302@zend.com>
	 <20070827024804.GS16782@arvo.suso.org>
Subject: Re: [PHP-DEV] Safe mode being removed in PHP6?
From: judas.iscariote@gmail.com ("Cristian Rodriguez")

On 8/26/07, Mark Krenz <mark@suso.org> wrote:

>   No, this is the wrong way to approach the problem.

No, this is the right way, language level security does not replace OS
level security.

> I'm bringing it up because its something that
> needs to be fixed in PHP.

No, fixing this issue in PHP itself is the wrong way, the only issues
that needs to be fixed in PHP are.

1. security holes of PHP itself.

2. the PHP documentation in the cases it promotes bad programming practises.

3. disabling include() and require() with URls **permantently** may
help as well ;P


>   But I'm one of the ones from the 90s that cares greatly about
> security.

If you care greatly about security then safe_mode is certainly **not**
what you need, if you think so, you have been seriously misguided.


-- 
http://www.kissofjudas.net/