Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:69912 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 22160 invoked from network); 28 Oct 2013 11:43:21 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 28 Oct 2013 11:43:21 -0000 Authentication-Results: pb1.pair.com smtp.mail=julienpauli@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=julienpauli@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.49 as permitted sender) X-PHP-List-Original-Sender: julienpauli@gmail.com X-Host-Fingerprint: 209.85.212.49 mail-vb0-f49.google.com Received: from [209.85.212.49] ([209.85.212.49:35801] helo=mail-vb0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id CB/44-22054-7DD4E625 for ; Mon, 28 Oct 2013 06:43:20 -0500 Received: by mail-vb0-f49.google.com with SMTP id w16so4211357vbb.8 for ; Mon, 28 Oct 2013 04:43:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=WUgD1rZYFLUlqjrJE/Kd3yznrvcuktxewuCLP0pcCHc=; b=HwbhmM2dS4rnAA59FL2SSqB7p1Td+fTEuXjRkFtRf7NehzDgCHywDPpDaf/9dPvmI3 TzCx4X+7qWU4HAGs/CtdB9LPhMMlnFY768ngAI7y1Oq/1xsrvPhEjx7pfBmVvOYteOZ9 prACr7eQkTAkMVR36GSh9ZfP8plHgXw8b2jmBDqbkCg+5k71rc1GK5c6TUP3hORmdT5U Vz3gUZfqASbO+WBtEyGZ7kY5dDvNgs+C7ZNTy1k4zPostPvvcQQ5i9der2BAPW6ZBa3K 9nZ5x0vAPiQD2XniD1Ubt6gEoFIUPrzrt8sP5oJrrHE87o6XmAmHZUmtyQiVk60mhbw4 ygdA== X-Received: by 10.52.191.162 with SMTP id gz2mr1097081vdc.26.1382960597304; Mon, 28 Oct 2013 04:43:17 -0700 (PDT) MIME-Version: 1.0 Sender: julienpauli@gmail.com Received: by 10.220.73.197 with HTTP; Mon, 28 Oct 2013 04:42:37 -0700 (PDT) In-Reply-To: <526E464B.5030208@php.net> References: <3E.D7.40084.12BBA625@pb1.pair.com> <526B554F.1020606@pthreads.org> <526CAF56.70908@pthreads.org> <526E464B.5030208@php.net> Date: Mon, 28 Oct 2013 12:42:37 +0100 X-Google-Sender-Auth: 6E2L3BzOFjuoXVhFImxFBWBlnyc Message-ID: To: Joe Watkins Cc: PHP Internals Content-Type: multipart/alternative; boundary=001a1135fb02243b3c04e9cb9b8e Subject: Re: [PHP-DEV] error_log binary unsafe From: jpauli@php.net (Julien Pauli) --001a1135fb02243b3c04e9cb9b8e Content-Type: text/plain; charset=ISO-8859-1 On Mon, Oct 28, 2013 at 12:11 PM, Joe Watkins wrote: > On 10/28/2013 10:50 AM, Julien Pauli wrote: > >> On Sun, Oct 27, 2013 at 7:14 AM, Joe Watkins >> wrote: >> >> On 10/26/2013 11:54 PM, Yasuo Ohgaki wrote: >>> >>> Hi Joe, >>>> >>>> On Sun, Oct 27, 2013 at 7:48 AM, Yasuo Ohgaki >>> >>> yohgaki@ohgaki.net>> wrote: >>>> >>>> On Sat, Oct 26, 2013 at 2:38 PM, Joe Watkins >>>> >>>> ****> wrote: >>>> >>>> Mail is not yet handled, TCP/IP is not supported any more, >>>> streams are binary safe. >>>> The SAPI and default error logging mechanism are all that >>>> require attention. >>>> >>>> The patch is not final and doesn't include a fix for every >>>> implementation of SAPI. >>>> >>>> I don't see the need for confusion ?? >>>> >>>> >>>> Generally speaking, I'm not against making functions/features >>>> binary safe. >>>> >>>> There are many implementations of syslog/SAPI and not sure if it >>>> is good for all. >>>> It could cause BC issue also. For example, application like OSSEC >>>> HIDS detects >>>> possible intrusion by analyzing logs. Patching SAPI may break >>>> these applications. >>>> >>>> I'm not against applying your patch to master, but it's not for >>>> released versions. >>>> We needs UPGRADE note if the patch is applied. >>>> >>>> >>>> I think it's good for master. >>>> Do you have commit karma? >>>> If not, I'm willing to merge your patch unless there are not objections. >>>> >>>> Regards, >>>> >>>> -- >>>> Yasuo Ohgaki >>>> yohgaki@ohgaki.net >>>> >>>> >>> I don't have karma ... >>> >>> There are lots of SAPI's, but this patch wasn't meant to implement them >>> all, only to provide a route whereby they can implement binary safe >>> log_message in the shape of log_message_ex. >>> >>> The patch implements binsafe log for cli and cgi, do we need to implement >>> any more ?? >>> >>> >> Joe: Why do you use strlen() ? This leads to the same not binary safe >> string, am I wrong ?? >> https://github.com/krakjoe/**php-src/commit/** >> be5f38ddd449c20230c042aef9757e**fb2ee08188#diff-** >> 1a9cfc6173e3a434387996e46086da**56R610 >> >> Julien Pauli >> >> > (sorry if you got this twice, my interweb is playing up) > > Hi Julien, > > The binary safe logging interface for SAPI is log_message_ex and > the binary safe logging function for php is php_log_err_ex > The old function must remain, and use string length just as it did > before. > I see, that means that the actual patch does not turn logging to binary safe logs, but gives functions for that. Turning logs to binary safe would then mean tracking every unsafe log function (php_log_err()) and turn it to php_log_err_ex() with an explicit string length. Julien Pauli --001a1135fb02243b3c04e9cb9b8e--