Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:62039 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 702 invoked from network); 4 Aug 2012 20:08:43 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Aug 2012 20:08:43 -0000 Authentication-Results: pb1.pair.com header.from=g.b.yahav@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=g.b.yahav@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.42 as permitted sender) X-PHP-List-Original-Sender: g.b.yahav@gmail.com X-Host-Fingerprint: 209.85.212.42 mail-vb0-f42.google.com Received: from [209.85.212.42] ([209.85.212.42:39565] helo=mail-vb0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A6/E2-19861-B418D105 for ; Sat, 04 Aug 2012 16:08:43 -0400 Received: by vbbfs19 with SMTP id fs19so1921966vbb.29 for ; Sat, 04 Aug 2012 13:08:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=r+yS2D/n5/gvQKky8dA5W8Zd//2T522oS/1uGJWVfrg=; b=PsDiCVC8kxuwdL3GimqQzesifrG17ee1+K/W5gW/ZSvayFhBuzjOE44CdskZzZjXGn 6520DSprx+mQJSb875KqC3yUykb6lPnPSQBbwLQaAEFeY8e3T2EzcZWk99gvFaX8hxTC ePDXf/V4obZj4/+ayQ77sJFAFjXXjjN1Oswohnv7YYq605baRnkVqIaGHI/ZHLv/057Q GUpTJpcMWW6QZfMsoS1sPI3/vcccPYHaVhfwOU0MlY9CiGpJc742kqIG/bR3ZnUJS8D9 oTmqGkie9oFLs9fsmwOnfRYrOCjHMN1aDbK0SYJVO+FR8g1+bWBsHzcc7KWsGmo4bERL APfw== Received: by 10.52.97.196 with SMTP id ec4mr3901147vdb.96.1344110919756; Sat, 04 Aug 2012 13:08:39 -0700 (PDT) MIME-Version: 1.0 Received: by 10.52.92.18 with HTTP; Sat, 4 Aug 2012 13:08:19 -0700 (PDT) In-Reply-To: References: Date: Sat, 4 Aug 2012 23:08:19 +0300 Message-ID: To: Nikita Popov Cc: PHP internals Content-Type: multipart/alternative; boundary=20cf307f3798e92ba404c676359b Subject: Re: [PHP-DEV] Integrate PECL into PHP From: g.b.yahav@gmail.com (Yahav Gindi Bar) --20cf307f3798e92ba404c676359b Content-Type: text/plain; charset=ISO-8859-1 On Sat, Aug 4, 2012 at 11:03 PM, Nikita Popov wrote: > On Sat, Aug 4, 2012 at 9:57 PM, Yahav Gindi Bar > wrote: > > We had dl() until it was deprecated, and even when we got it I guess that > > administrators disabled the dl() method because of security reasons. > > However, PECL got limited extensions which, as long as I know, does not > put > > the server into security risks (maybe I've said something VERY STUPID > right > > now, so excuse me...) > > PECL extensions are C code. "C code" is programmer slang for "security > risk". > > I mean, seriously, extension code can be pretty much everything. > Allowing people to load extensions from userland would go beyond > fatal. > > Nikita > Because of that I wondered if it's stupid or not... I understand the reason to disable the ability to install extensions generally, but doesn't the extensions in PECL got filtered before adding them to the PECL library? My main idea is to allow only installation of extensions available in PECL (just a wrapper to the "pecl" tool, because shared hosting users cannot access it...) --20cf307f3798e92ba404c676359b--