Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:32010
Return-Path: <penguin@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 46306 invoked by uid 1010); 2 Sep 2007 12:11:58 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 46291 invoked from network); 2 Sep 2007 12:11:58 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Sep 2007 12:11:58 -0000
Authentication-Results: pb1.pair.com header.from=penguin@php.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=penguin@php.net; spf=unknown; sender-id=unknown
Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 195.41.46.235 as permitted sender)
X-PHP-List-Original-Sender: penguin@php.net
X-Host-Fingerprint: 195.41.46.235 pfepa.post.tele.dk Linux 2.5 (sometimes 2.4) (4)
Received: from [195.41.46.235] ([195.41.46.235:37958] helo=pfepa.post.tele.dk)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 0E/D4-24187-D88AAD64 for <internals@lists.php.net>; Sun, 02 Sep 2007 08:11:58 -0400
Received: from workpenguin (0x535cbb96.bynxx18.adsl-dhcp.tele.dk [83.92.187.150])
	by pfepa.post.tele.dk (Postfix) with SMTP id 6406DFAC075;
	Sun,  2 Sep 2007 14:11:54 +0200 (CEST)
To: rasmus@lerdorf.com (Rasmus Lerdorf)
Cc: internals@lists.php.net
Date: Sun, 02 Sep 2007 14:11:28 +0200
Message-ID: <8q9ld3l6ii25nhdnv2erf2picvu3dp369p@4ax.com>
References: <20070826193146.GQ16782@arvo.suso.org> <46D1ED8A.2060302@zend.com> <20070827024804.GS16782@arvo.suso.org> <46D26834.9040001@lerdorf.com>
In-Reply-To: <46D26834.9040001@lerdorf.com>
X-Mailer: Forte Agent 1.91/32.564
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] Safe mode being removed in PHP6?
From: penguin@php.net (Peter Brodersen)

On Sun, 26 Aug 2007 22:59:16 -0700, in php.internals
rasmus@lerdorf.com (Rasmus Lerdorf) wrote:

> As PHP grew
>and became more complex and linked in more complex libraries, it became
>completely impossible to even begin to pretend that safemode was still
>effective.=20

1=C2=BD year ago we talked about unbundling the safe_mode_exec_dir and
keeping that alive:
http://news.php.net/php.internals/20417

Is this still relevant? I like the idea much more than users should
maintain their own disabled_functions list to prevent current and new
exec functions.

--=20
- Peter Brodersen