Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:3661
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Message-ID: <005201c35777$6812e7a0$1400000a@fatcuban>
To: "Rasmus Lerdorf" <rasmus@lerdorf.com>
Cc: <internals@lists.php.net>
References: <059101bffadb$28a33670$1400000a@fatcuban> <Pine.WNT.4.56.0307310738380.2248@DELL>
Date: Thu, 31 Jul 2003 16:20:54 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] upload compromises
From: root@fatcuban.com ("skate")

> There is a directive to turn off uploads altogether.  I don't see us going
> beyond that.  How are we supposed to detect executables?  An executable is
> extremely platform-dependant.  I suppose we could suck all the code from
> the UNIX 'file' command into PHP and try to determine a filetype from the
> magic byytes, but to what end?  What exactly are you trying to protect
> against here?

well, i was more thinking of, by default, only allowing say images,
documents and compressed files.

i can fully understand that determining an executable is a mean task, and
way out of the scope for what PHP needs to be. but PHP already has the in
built functionality to check a file type, same way as i would check a file
when i have an upload script.

> My point is that we have no way of knowing what is dangerous and what
> isn't.  This is something the application developer will have to determine
> in his receiving script.

i just think that if there's a default setting, it'll cure a lot of the
problems we get with un-educated users created wild upload scripts. most
things can be dangerous in one form or another, but would taking a few steps
like this really be more effort than it's worth?

i know it's a bit of kindergarten teaching for people that really should
know better, but it's evident just from the lists that it happens quite
often.

thanks for the response anyhow :)