Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:53134 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 79368 invoked from network); 7 Jun 2011 13:04:08 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Jun 2011 13:04:08 -0000 Authentication-Results: pb1.pair.com smtp.mail=h.reindl@thelounge.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=h.reindl@thelounge.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thelounge.net designates 91.118.73.15 as permitted sender) X-PHP-List-Original-Sender: h.reindl@thelounge.net X-Host-Fingerprint: 91.118.73.15 mail.thelounge.net Windows 98 (1) Received: from [91.118.73.15] ([91.118.73.15:63538] helo=mail.thelounge.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C4/49-30784-6C12EED4 for ; Tue, 07 Jun 2011 09:04:07 -0400 Received: from [10.0.0.99] (rh.thelounge.net [10.0.0.99]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.thelounge.net (Postfix) with ESMTPSA id 5BC29AD for ; Tue, 7 Jun 2011 15:04:03 +0200 (CEST) Message-ID: <4DEE21C2.5060305@thelounge.net> Date: Tue, 07 Jun 2011 15:04:02 +0200 Organization: the lounge interactive design User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc14 Lightning/1.0b3pre Thunderbird/3.1.10 MIME-Version: 1.0 To: internals@lists.php.net References: <8757232E56758B42B2EE4F9D2CA019C901499F97@US-EX2.zend.net> <97.45.23189.8060DED4@pb1.pair.com> <4DED5F9B.7060101@thelounge.net> <4DEDC9F5.3030403@thelounge.net> <4DEDF049.7050504@gmail.com> <4DEDF216.6070308@thelounge.net> <4DEE1D47.8060209@gmail.com> In-Reply-To: <4DEE1D47.8060209@gmail.com> X-Enigmail-Version: 1.1.2 OpenPGP: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig373205E772E59116820CFC1A" Subject: Re: [PHP-DEV] Bundling "modern" extensions From: h.reindl@thelounge.net (Reindl Harald) --------------enig373205E772E59116820CFC1A Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Am 07.06.2011 14:44, schrieb David Muir: > On 07/06/11 18:40, Reindl Harald wrote: >> there is a reason for example to disallow many functions >> on a webserver - so every API has to make sure they >> can not be bypassed >> >> "because we can" is no valid reason for everything because >> we can install binary extension as they exist now and >> if you can not you are missing the permissions for some >> good reasons >> >=20 > So you're saying that PECL, PNI or FFI should should be actively > discouraged because of security concerns? WHERE i said this? PECL-Extensions can NOT be enabled by the user > What exactly are the security issues? > I'm really trying to figure out where you're coming from look in the php-changelogs how often "open_base_dir" was bypassed in the past and think about a low-level API for writing extensions installed by a user - after that think about how many idiots out there driving servers into a security-hell only with PHP and what the impact will be give them a low-level API --------------enig373205E772E59116820CFC1A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk3uIcMACgkQhmBjz394Ank3eQCfYF0ucH8ypEtk8iMe1Jgfhn9V 9hQAoIQ2WbIGB6y7A+Z3soXicCwUuMkS =ipUJ -----END PGP SIGNATURE----- --------------enig373205E772E59116820CFC1A--