Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:43072 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 96253 invoked from network); 17 Feb 2009 11:25:09 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Feb 2009 11:25:09 -0000 Authentication-Results: pb1.pair.com smtp.mail=hannes.magnusson@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=hannes.magnusson@gmail.com; sender-id=pass; domainkeys=bad Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.180 as permitted sender) DomainKey-Status: bad X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01 X-PHP-List-Original-Sender: hannes.magnusson@gmail.com X-Host-Fingerprint: 209.85.218.180 mail-bw0-f180.google.com Received: from [209.85.218.180] ([209.85.218.180:44162] helo=mail-bw0-f180.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id F9/A0-33190-49E9A994 for ; Tue, 17 Feb 2009 06:25:09 -0500 Received: by bwz28 with SMTP id 28so3794639bwz.23 for ; Tue, 17 Feb 2009 03:25:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=g8v5M2FGB+vFpNjwzpiOGkwVmwQp/+f2IAs9im8JOWE=; b=eWrNF7Q4KbZP0/QPLqO+Bp3qwSdfPmRbiixdMzotyW8OlQy7pm/5HfSQPLJuQiNUWV Z1nThiTpRLFrvq34Nj8qtOpYmzN0fcmMw44udJ1KlpmaMnUK+v54sbkEIK+oXSSv2wdP dbA/TNmZ50Wd6S4ZYxrSpmq/pT4QyonkL60Wo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=cor4fB0UFvcLRXqdXQDTV5LEgA/n3tl8hqNGpGoAD53Sxo+keck5aqdyCjbW6+flyn z+BvrPBKBv8R91Ne3mLMkO+dqOHvEuySB1/wTfpoSSXnj7w6MS/XfVRZeTFLlvkTGlda vxPVY8HLsDqKux7sBQON0IteLqlR8nSo/JJZ0= MIME-Version: 1.0 Received: by 10.181.52.14 with SMTP id e14mr298910bkk.99.1234869904106; Tue, 17 Feb 2009 03:25:04 -0800 (PST) In-Reply-To: <20090217091202.GA3224@rangda.stickybit.se> References: <20090217091202.GA3224@rangda.stickybit.se> Date: Tue, 17 Feb 2009 12:25:04 +0100 Message-ID: <7f3ed2c30902170325h74885a7akd46ba61f213daa16@mail.gmail.com> To: sean finney Cc: Eric Stewart , internals@lists.php.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] New INIs, Round Two. From: hannes.magnusson@gmail.com (Hannes Magnusson) On Tue, Feb 17, 2009 at 10:12, sean finney wrote: > hi, > > On Tue, Feb 17, 2009 at 02:02:35AM -0500, Eric Stewart wrote: >> 14. A few other directives have been question but I don't have enough >> experience with these particular settings so please weight in on them. >> >> extension_dir = "./" >> enable_dl = On > > i'd be incredibly weary of this setting, even in a development environment. > > - if you have enable_dl on, a user can load an arbitrary .so into php's (and > thus most often apache's) memory space. dl() should indeed be disabled by default (and the NEWS entry says it is). dl() support has furthermore been removed from most SAPIs, and according to the NEWS entry it is only available for cli, cgi and embed. Actually, the docs and NEWS are a bit inconsistent on that, the docs say the function just raises E_DEPRECATED while the NEWS entry makes it sound like dl() simply wont work as apache module.. -Hannes