Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:4038
Return-Path:
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 79880 invoked from network); 17 Aug 2003 09:52:18 -0000
Received: from unknown (HELO jdi.jdimedia.nl) (212.204.192.51) by pb1.pair.com with SMTP; 17 Aug 2003 09:52:18 -0000
Received: from jdi.jdimedia.nl (jdi.jdimedia.nl [212.204.192.51]) by jdi.jdimedia.nl (8.12.4/8.12.4) with ESMTP id h7H9qDZM003550; Sun, 17 Aug 2003 11:52:17 +0200
Date: Sun, 17 Aug 2003 11:52:13 +0200 (CEST)
X-X-Sender: derick@jdi.jdimedia.nl
To: Steve Langasek
cc: internals@lists.php.net
In-Reply-To: <20030817040523.GM13013@quetzlcoatl.dodds.net>
Message-ID:
References: <20030817040523.GM13013@quetzlcoatl.dodds.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Re: [PHP-DEV] [PATCH] make dl() DTRT under safe mode
From: derick@php.net (Derick Rethans)

On Sat, 16 Aug 2003, Steve Langasek wrote:

> The attached patch changes dl() so that, instead of outright refusing to
> run under safe mode, it performs additional security checks on the value
> of extension_dir and accepts a filename-only argument (no directories)
> from the caller. In addition, if the provided argument doesn't return a
> handle, dl will append the value of PHP_SHLIB_SUFFIX to the filename and
> try again.
>
> Rationale: Most Linux distributions that include PHP ship the majority
> of extensions as shared objects, to make it easier for the user to get
> just those features they need. In addition, there are many extensions
> not provided by Linux distributors that a user may wish to add locally.
> Unfortunately, current PHP programmer culture leads to all extensions
> being loaded via php.ini, which -- contrary to some claims made in the
> past on this list -- often causes instability when used with apache 1.3.

Loading them through dl() gives much more instability. I don't see where
you got this claim from, I never saw a bugreport about this.

> Simply put, the current state of libraries on Linux isn't good enough to
> cope with all possible libraries being loaded into a single apache
> process at once; and SSL-using extensions seem to have problems of their
> very own when it comes to Apache's load-unload-load-rinse-spindry
> handling of DSOs at start time. Supporting a reasonable dl() function
> under safe mode is the first step toward being able to wean users off of
> this fragile configuration.

I don't agree, dl() is kinda deprecated anyway. It's buggy as hell and it
causes quite a lot of problems with intra-extension dependencies. If you
want something solid, you compile in all extensions. This has nothing to
do with safe-mode really.

regards,
Derick

--
"Interpreting what the GPL actually means is a job best left to those
that read the future by examining animal entrails."
-------------------------------------------------------------------------
 Derick Rethans http://derickrethans.nl/
 International PHP Magazine http://php-mag.net/
-------------------------------------------------------------------------
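
The filename-only check and suffix retry outlined in the quoted patch description, as an added example that is not part of this thread, the attached patch, or PHP's source. The names is_bare_filename, safe_dl, loader_fn and fake_load, the "/opt/php/ext" directory and the dot joining name and suffix are assumptions; the extension_dir checks are left out because the message does not say what they are.

```c
#include <stdio.h>
#include <string.h>

#define SHLIB_SUFFIX "so"  /* stand-in for PHP_SHLIB_SUFFIX (assumed value) */

typedef void *(*loader_fn)(const char *path);  /* hypothetical dlopen-like hook */

/* 1 if name is a bare filename: non-empty, no separator, not "." or "..". */
int is_bare_filename(const char *name)
{
    if (name == NULL || *name == '\0') return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    return strpbrk(name, "/\\") == NULL;
}

/* Try ext_dir/name, then ext_dir/name.SUFFIX. Returns the loader's handle,
 * or NULL when the name is rejected, the path would be truncated, or
 * neither candidate loads. On success `out` holds the path that loaded. */
void *safe_dl(const char *ext_dir, const char *name, loader_fn load,
              char *out, size_t outlen)
{
    void *h;
    int n;

    if (!is_bare_filename(name)) return NULL;
    n = snprintf(out, outlen, "%s/%s", ext_dir, name);
    if (n < 0 || (size_t)n >= outlen) return NULL;
    if ((h = load(out)) != NULL) return h;
    n = snprintf(out, outlen, "%s/%s.%s", ext_dir, name, SHLIB_SUFFIX);
    if (n < 0 || (size_t)n >= outlen) return NULL;
    return load(out);
}

/* Constructed stand-in loader: only one path "exists". */
static int fake_handle;
void *fake_load(const char *path)
{
    return strcmp(path, "/opt/php/ext/gd.so") == 0 ? (void *)&fake_handle : NULL;
}

int main(void)
{
    char used[256];
    const char *args[] = { "gd", "gd.so", "../ext/gd.so", "/tmp/evil.so", "mysql" };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++)
        printf("%-14s -> %s\n", args[i],
               safe_dl("/opt/php/ext", args[i], fake_load, used, sizeof used)
                   ? used : "refused or not found");
    return 0;
}
```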