Newsgroups: php.internals
From: mls@pooteeweet.org (Lukas Kahwe Smith)
To: Stefan Esser
Cc: Nuno Lopes, Stefan Esser, PHP internals
Date: Sun, 18 Nov 2007 23:06:43 +0100
Subject: Re: [PHP-DEV] Tainted Mode Decision

On 18.11.2007, at 22:56, Stefan Esser wrote:

> This is different from the implicit untainting through htmlentities()
> and mysql_real_escape_string() because there
> are obviously cases where these functions are the WRONG functions and
> the developer will never realise this
> because he was not taught to untaint() himself only when he is sure...

Ok, I guess this is a fundamental difference that we should probably take note of before we make any decision. Should it be a tool that one can just enable when one cares or should we require that developers actually code towards the taint model?

I personally think that library developers could be expected to actually make explicit untaint() calls and bytecode caches could be made smart enough to strip these out for the people that do not care about the added security (which one might not need in production). However for the final glue that needs to be written to put all the libraries to work, I think it's fairly unrealistic. Then again maybe the people that do care enough (because they are working for a bank) would still have the necessary time to add all the relevant untaint() calls. The rest would probably appreciate a tool that helps them getting closer to that magical 100% secure mark.

regards,
Lukas