Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:74932
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 67124 invoked from network); 17 Jun 2014 08:26:36 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Jun 2014 08:26:36 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.42 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.216.42 mail-qa0-f42.google.com  
Received: from [209.85.216.42] ([209.85.216.42:60677] helo=mail-qa0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 7B/D0-59176-BBBFF935 for <internals@lists.php.net>; Tue, 17 Jun 2014 04:26:35 -0400
Received: by mail-qa0-f42.google.com with SMTP id dc16so9046235qab.29
        for <internals@lists.php.net>; Tue, 17 Jun 2014 01:26:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=mlEPELeB8o1mL5Q7XfKifycEWfn9/X5y8dM5PQRLUCk=;
        b=l/kkfD+nWX+wUO5uRj7ufni8EaKpnZx0ILHWgl0FlO99NseNi7iZaKpBjODrYfZoOf
         Lo7lnAVSAfpDKe14iogBLTgJCy8SH8Pp3xBDHuVvDXAhlRcQ3qqXIUq2yKMslviNufjq
         ps3xDmQvq6kGFfkFaNWGcBSeXuui9Py9pidux8oc6NfAN3vChCWJ5+504gCv6GtYpoCh
         4Cb6c0t5q/rdKB8HqHoZm0ZOa0NFQ2lngtDSZorO3wKmqCF2RMOjxZRdnTEcPWtZuZZD
         CrBH44mMZ5tHGqAEBc0IzwbPj5J6X/NuyPrn0wbAPumPAh8NEICrbShOJN4InDY151KG
         bATA==
MIME-Version: 1.0
X-Received: by 10.140.92.116 with SMTP id a107mr10340264qge.115.1402993592512;
 Tue, 17 Jun 2014 01:26:32 -0700 (PDT)
Received: by 10.140.37.115 with HTTP; Tue, 17 Jun 2014 01:26:32 -0700 (PDT)
Date: Tue, 17 Jun 2014 10:26:32 +0200
Message-ID: <CAEZPtU7rc+JpguO=Ke8UmiLLaidvyJEQ81C9Lsvn8yHgkp=+qw@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: PHP6, drop open_basedir?
From: pierre.php@gmail.com (Pierre Joye)

hi,

One of the last reminding so called "security" feature is open_basedir.

On Windows f.e. it is very easy to create application pool with the
right users/permissions settings (IIS) or only permissions settings
(Apache). It is not possible to create one user per host on Apache
using mod_php but I think it is acceptable as it is mostly used as
development server or dedicated apps.

On linux, fcgi/fpm with linux permissions systems allow pretty much
the same. And my solutions exist for a per user/application isolation
system.

I think it is not worth the effort to keep maintaining something that
will never be as safe as system level permissions.

What do you think about removing it in php 6? Thoughts?

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org