Newsgroups: php.internals
Message-ID: <4F5637C6.5060608@lerdorf.com>
Date: Tue, 06 Mar 2012 08:13:58 -0800
From: rasmus@lerdorf.com (Rasmus Lerdorf)
To: John Crenshaw
CC: Adam Jon Richardson, Stas Malyshev, "internals@lists.php.net"
References: <4F55DB1F.5040108@sugarcrm.com>
Subject: Re: [PHP-DEV] Providing sandboxed versions of include and require language constructs

On 03/06/2012 06:03 AM, John Crenshaw wrote:
> I've seen a simple "safe" code evaluator put together using token_get_all. I'm certain that you could create an include_restricted() function in userland using a similar system: walk through the tokens looking for anything forbidden (this will be tricky, because there are a lot of nooks that things could hide, like superglobals), then if everything looks good include the file. Use a caching system of some sort to improve performance and eliminate redundant checks.

Yeah, a token approach wouldn't work. $a = 'mysql_connect'; $a($args); trivially circumvents that. It would have to build new function/class hashtables directly which is rather expensive so from a performance perspective this would not be pretty. I suppose an opcode cache could cache these to speed this up quite a bit, but there would still need to be extra gear in place to manage multiple hash tables and some code to check if there was an overriding hash to be used for every op_array.

-Rasmus
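
The gap described in the reply above, as an added example (not code from the thread or from PHP itself): a minimal token_get_all denylist scanner run over the direct call and over the variable-function form quoted in the message. The names find_forbidden_calls and token_kinds, the denylist, and both sample snippets are constructed for this illustration.

```php
<?php
// Added illustration: a naive denylist scanner built on token_get_all().
// Function names, the denylist and the sample snippets are constructed here.

/** Return denylisted names that appear as a literal T_STRING followed by "(". */
function find_forbidden_calls(string $source, array $forbidden): array
{
    $tokens = token_get_all($source);
    $count  = count($tokens);
    $skip   = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $hits   = [];
    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok) || $tok[0] !== T_STRING) {
            continue;
        }
        // Find the next significant token after the identifier.
        $j = $i + 1;
        while ($j < $count && is_array($tokens[$j]) && in_array($tokens[$j][0], $skip, true)) {
            $j++;
        }
        // PHP function names are case-insensitive, so compare in lower case.
        if ($j < $count && $tokens[$j] === '(' && in_array(strtolower($tok[1]), $forbidden, true)) {
            $hits[] = $tok[1];
        }
    }
    return $hits;
}

/** List the token kinds the scanner sees, to show where the name ends up. */
function token_kinds(string $source): array
{
    $kinds = [];
    foreach (token_get_all($source) as $tok) {
        $kinds[] = is_array($tok) ? token_name($tok[0]) . ' ' . trim($tok[1]) : $tok;
    }
    return $kinds;
}

$forbidden = ['mysql_connect'];
$direct    = '<?php mysql_connect($args);';              // name is an identifier token
$indirect  = '<?php $a = \'mysql_connect\'; $a($args);'; // name is only string data

var_dump(find_forbidden_calls($direct, $forbidden));
var_dump(find_forbidden_calls($indirect, $forbidden));
print_r(token_kinds($indirect));
```

In the second snippet the function name reaches the tokenizer only as a T_CONSTANT_ENCAPSED_STRING and the call site is a T_VARIABLE, so nothing at the token level ties the call to the denylisted name. That is why the reply moves enforcement to the function/class hashtables used at execution time.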