Newsgroups: php.internals
Subject: Extending PHP with sandbox capability ?
From: prasek@silesia.cz (ing. Martin Prášek)
Date: Sat, 20 Dec 2003 13:12:03 +0100
Message-ID: <006501c3c6f2$9002e540$d300a8c0@webpropag.cz>

Sandbox?

I have been forced to create a PHP application that needs to execute code snippets from untrusted users inside itself, and to do it as securely as possible. I see that this is not possible, for some security reasons (db connections, resources etc.). So I suggest adding a simple sandbox capability to the PHP language, which would help avoid security risks in situations where executing third-party code inside some application is needed.

I suggest that code which will be run inside a sandbox will have no way to access resources (open files, db connections etc.) from outside of the sandbox, will have limited (i.e. strictly defined) access to the current global and local scope variables, and maybe other security checks too.

I suggest having the following things:

Create_sandbox($path,$global_read,$global_write,$scope_read,$scope_write,$resource_available)
A function that defines a sandbox and sets its parameters. The parameters of the sandbox describe what from outside the sandbox will be available inside.
$path = from where in the filesystem code inside a sandbox can read/write/include other files
$global_read = list of global variables that are readable inside a sandbox
$global_write = list of global variables that are writable inside a sandbox
$scope_read = like $global_read, but for the current scope
$scope_write = ......
$resource_available = list of opened resources that are available inside a sandbox.
Returns $sandbox_id, or false on failure.

sandbox_eval($sandbox_id,$code)
Like eval, but inside a sandbox.

sandbox_include($sandbox_id,$path)
Like include, but inside a sandbox.

sandbox_close($sandbox_id)
Closes and destroys the sandbox.

I think it should work like this.

I think that the suggested things add a simple-to-use, but still secure and flexible, capability for executing "not so trusted" third-party code inside any PHP application. It may add several benefits for general PHP security too. What do you think?

PS: Excuse my bad language, English is not my native one.
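To make the scope-whitelisting part of the proposal concrete, here is an added example in plain userland PHP. It is not code from the original post, not a PHP API, and not an implementation of the proposed Create_sandbox()/sandbox_eval() functions: the class and method names are invented. It reproduces only the $global_read / $global_write / $scope_read / $scope_write semantics, by running the snippet in a fresh function scope that holds copies of the whitelisted names and copying only whitelisted names back out. The sample globals and snippet are constructed for the demonstration.

```php
<?php
// Added example, not part of the original proposal and not a PHP API.
// Implements only the variable-visibility part of the proposed sandbox
// design in userland PHP: a snippet runs in a fresh function scope that
// contains copies of whitelisted globals and caller variables, and only
// whitelisted names are written back afterwards. Names here are invented.

final class UserlandSandbox
{
    /** @var string[] names of globals that are readable inside the sandbox */
    private array $globalRead;
    /** @var string[] names of globals the snippet is allowed to update */
    private array $globalWrite;

    public function __construct(array $globalRead, array $globalWrite)
    {
        $this->globalRead  = $globalRead;
        $this->globalWrite = $globalWrite;
    }

    /**
     * Run $code with access to the whitelisted globals plus $scopeRead
     * (name => value from the caller's scope). Whitelisted globals named in
     * $globalWrite are copied back to $GLOBALS; the $scopeWrite names are
     * returned to the caller as name => value. Everything else is discarded.
     */
    public function run(string $code, array $scopeRead = [], array $scopeWrite = []): array
    {
        $visible = [];
        foreach ($this->globalRead as $name) {
            if (array_key_exists($name, $GLOBALS)) {
                $visible[$name] = $GLOBALS[$name];
            }
        }
        // Caller-scope values win over globals of the same name.
        foreach ($scopeRead as $name => $value) {
            $visible[$name] = $value;
        }

        // A static closure has no $this, and its local scope starts out with
        // only the two parameters, which are removed before the snippet runs.
        $runner = static function (array $__visible, string $__code): array {
            extract($__visible, EXTR_SKIP);
            unset($__visible);
            try {
                eval($__code);
            } catch (\ParseError $e) {
                throw new \RuntimeException('sandbox code failed to parse: ' . $e->getMessage(), 0, $e);
            }
            unset($__code, $e);
            return get_defined_vars();
        };
        $after = $runner($visible, $code);

        foreach ($this->globalWrite as $name) {
            if (array_key_exists($name, $after)) {
                $GLOBALS[$name] = $after[$name];
            }
        }
        $out = [];
        foreach ($scopeWrite as $name) {
            if (array_key_exists($name, $after)) {
                $out[$name] = $after[$name];
            }
        }
        return $out;
    }
}

// Constructed demonstration data.
$GLOBALS['site_name'] = 'example.org';
$GLOBALS['counter']   = 41;
$GLOBALS['db']        = 'pretend database handle';

// $global_read = site_name, counter; $global_write = counter.
$sb = new UserlandSandbox(['site_name', 'counter'], ['counter']);

$untrusted = <<<'PHP'
$greeting  = "Hello from " . $site_name . ", " . $user;
$counter   = $counter + 1;          // whitelisted for write: reaches $GLOBALS
$db_seen   = isset($db) ? 'visible' : 'hidden';
$site_name = 'hijacked';            // readable but not writable: discarded
PHP;

// $scope_read = user; $scope_write = greeting, db_seen.
$result = $sb->run($untrusted, ['user' => 'alice'], ['greeting', 'db_seen']);

var_dump($result);
var_dump($GLOBALS['counter'], $GLOBALS['site_name']);
```

This only controls which variable names the snippet sees by default. It cannot enforce $path or $resource_available: the snippet can still reach `$GLOBALS['db']` directly, use `global $db`, call `file_get_contents()` on any path the process can read, or call `exit`. Userland can hide names but cannot deny capabilities, which is the gap the proposal asks the engine to close.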