Newsgroups: php.internals
From: ing. Martin Prásek <prasek@silesia.cz>
To: "Christian Schneider", "Lukas Smith"
Date: Sun, 21 Dec 2003 17:51:44 +0100
Subject: Re: [PHP-DEV] Extending PHP with sandbox capability ?

----- Original Message -----
From: "Christian Schneider"
To: "Lukas Smith"
Cc: "'ing. Martin Prášek'"
Sent: 20 December 2003 19:28
Subject: Re: [PHP-DEV] Extending PHP with sandbox capability ?

> Lukas Smith wrote:
>
>> Sandbox ?
>
> This would have to be done _very_ carefully to not leave a backdoor
> open. PHP offers oh so many ways of accessing the system.
>
> I guess one'd have to start with safe_mode with quite some functions
> disabled and go from there. But...

Safe mode is useful, but it is not what I need. Fix me if I am wrong, but I think safe mode cannot be started in the middle of the script and then disabled again, so for creating a sandbox it is completely useless.

> > BTW: if PHP wants to be the ultimate template engine it needs such a
>
> Maybe it's easier (and safer too) to not eval PHP code from external
> sources.

Know that, but when you _need_ it?

> You'd also have to make sure the output of their code is valid
> (X)HTML or they could render your whole site invalid (think closing
> table they didn't open, inserting javascript code and the like).

PHP5 has integrated tidy, so let this (X)HTML check be done by the application designer, not by the sandbox itself.

> that's already hard enough as it is. Allowing them to submit SQL queries
> for example opens up a whole new can of worms.

Definitely not. Because inside you have no access to resources from inside of the sandbox, you cannot use established db connections, opened files, shm and so on. Code inside the sandbox needs to connect to the SQL database before any SQL can be used. If code inside the sandbox connects to the database as another user (or better, to another database), there is a very simple way, just using proper SQL GRANT/REVOKE by the application designer, and it keeps vital data completely out of reach of the sandboxed code. I see no problems here.

> I guess a sandbox model is something to be thought about for PHP6 ;-)
>
> - Chris
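The GRANT/REVOKE arrangement Martin describes above, as an added example that is not part of the thread: the application's own data is reachable only through one account, and code running in the sandbox connects as a second account that holds privileges on a separate scratch database and nothing else. MySQL-style syntax is assumed; the database, account, host and table names (`app_db`, `sandbox_db`, `app_user`, `sandbox_user`, `app_db.users`) are hypothetical placeholders.

```sql
-- Constructed example (not from the mailing-list thread). MySQL-style
-- account-management syntax assumed; all names below are placeholders.

-- 1. The application's vital data lives in app_db and is reached only
--    through app_user. The sandbox account never receives anything here.
CREATE DATABASE IF NOT EXISTS app_db;
CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'app-password-placeholder';
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'app_user'@'localhost';

-- 2. Sandboxed code gets its own database and its own account.
CREATE DATABASE IF NOT EXISTS sandbox_db;
CREATE USER 'sandbox_user'@'localhost' IDENTIFIED BY 'sandbox-password-placeholder';

-- Start from nothing. A fresh account only has USAGE anyway, but an explicit
-- REVOKE documents the intent and undoes any earlier, broader grant.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'sandbox_user'@'localhost';

-- Grant only what the scratch area needs, scoped to that one database:
-- no GRANT OPTION, no global privileges such as FILE or SUPER, and no
-- privileges on app_db at all.
GRANT SELECT, INSERT, UPDATE, DELETE ON sandbox_db.* TO 'sandbox_user'@'localhost';

-- Cap resource usage so sandboxed code cannot monopolise the server.
ALTER USER 'sandbox_user'@'localhost'
  WITH MAX_QUERIES_PER_HOUR 1000
       MAX_USER_CONNECTIONS 5;

-- 3. Verify the result: the listing should show only USAGE ON *.* plus the
--    single sandbox_db grant.
SHOW GRANTS FOR 'sandbox_user'@'localhost';

-- 4. Check from a session opened as sandbox_user. This statement must fail
--    with an access-denied error; if it succeeds, the separation is broken.
-- SELECT COUNT(*) FROM app_db.users;
```

The check in step 4 is the part worth automating: run it from the sandbox credentials after every privilege change, and treat a successful query against the application database as a failed deployment rather than a warning.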