Newsgroups: php.internals
Subject: Re: [PHP-DEV] zend_execute_internal hook missing from PHP 5
From: Xinchen Hui <laruence@gmail.com>
To: Stefan Esser
Cc: Mailing-List php
Date: Mon, 21 May 2012 20:41:48 +0800
In-Reply-To: <5262BA67-53D2-4D19-9AD6-B1BFDABAC32E@sektioneins.de>

Sent from my iPhone

On 2012-5-21, 18:42, Stefan Esser wrote:

> Hi,
>
> It recently came to my attention that the function whitelist and blacklist feature inside Suhosin is easily bypassable since PHP 5.0.
>
> The reason for this is that PHP is no longer calling the zend_execute_internal() hook if a function is called from another function (via zend_call_function).
>
> In the days of PHP 4 the code looked like this:
>
>     if (!zend_execute_internal) {
>         ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, 1 TSRMLS_CC);
>     } else {
>         zend_execute_internal(&execute_data, 1 TSRMLS_CC);
>     }
>
> Nowadays (since PHP 5.0) the code was moved from call_user_function_ex to zend_call_function and just looks like this:
>
>     ((zend_internal_function *) EX(function_state).function)->handler(fci->param_count, *fci->retval_ptr_ptr, fci->retval_ptr_ptr, fci->object_ptr, 1 TSRMLS_CC);
>
> While this has no immediate impact for average PHP users, it basically kills the possibility for an extension like Suhosin to catch all function starts.

Actually, there is one: use a user opcode handler to hook the fcall series of opcodes; that is how I did it in the taint extension.

http://svn.php.net/viewvc/pecl/taint/trunk/taint.c?view=markup&pathrev=325586 line 995

Thanks

> This should also be a problem for your DTRACE support. And IIRC Xdebug was hooking this point (at least in the past), too.
>
> My suggestion is to change the code to call the hook again.
>
> Regards,
> Stefan
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php