Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:6654
Return-Path: <cschneid@cschneid.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 67667 invoked by uid 1010); 20 Dec 2003 18:28:15 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 67613 invoked from network); 20 Dec 2003 18:28:15 -0000
Received: from unknown (HELO matrix.gna.ch) (195.226.6.8)
  by pb1.pair.com with SMTP; 20 Dec 2003 18:28:15 -0000
Received: from localhost (localhost [127.0.0.1])
	by matrix.gna.ch (Postfix) with ESMTP
	id 9B33D165; Sat, 20 Dec 2003 19:28:14 +0100 (CET)
Received: by matrix.gna.ch (Postfix, from userid 65534)
	id 46FD81CF; Sat, 20 Dec 2003 19:28:13 +0100 (CET)
Received: from cschneid.com (unknown [195.226.4.61])
	by matrix.gna.ch (Postfix) with ESMTP
	id 0C34B165; Sat, 20 Dec 2003 19:28:10 +0100 (CET)
Message-ID: <3FE494B9.7090501@cschneid.com>
Date: Sat, 20 Dec 2003 19:28:09 +0100
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031009
X-Accept-Language: de-ch, de, en-us, en
MIME-Version: 1.0
To: Lukas Smith <smith@backendmedia.com>
Cc: =?ISO-8859-2?Q?=22=27ing=2EMartin_Pr=E1=B9ek=27=22?= <prasek@silesia.cz>,
	internals@lists.php.net
References: <006501c3c6f2$9002e540$d300a8c0@webpropag.cz> <php.internals-6649@news.php.net>
In-Reply-To: <php.internals-6649@news.php.net>
X-Enigmail-Version: 0.76.7.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
	matrix.gna.ch
X-Spam-Level: 
X-Spam-Status: No, hits=-4.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.61
X-Virus-Scanned: by AMaViS Ultramail snapshot-20020531
Subject: Re: [PHP-DEV] Extending PHP  with sandbox capability ? 
From: cschneid@cschneid.com (Christian Schneider)

Lukas Smith wrote:
>>Sandbox ?

This would have to be done _very_ carefully to not leave a backdoor 
open. PHP offers oh so many ways of accessing the system.

I guess one'd have to start with safe_mode with quite some functions 
disabled and go from there. But...

> BTW: if PHP wants to be the ultimate template engine it needs such a

Maybe it's easier (and safer too) to not eval PHP code from external 
sources. You'd also have to make sure the output of their code is valid 
(X)HTML or they could render your whole site invalid (think closing 
table they didn't open, inserting javascript code and the like). And 
that's already hard enough as it is. Allowing them to submit SQL queries 
for example opens up a whole new can of worms.

I guess a sandbox model is something to be thought about for PHP6 ;-)

- Chris