Newsgroups: php.internals
Subject: Re: [PHP-DEV] PHP6, drop open_basedir?
From: johannes@schlueters.de (Johannes Schlüter)
To: Pierre Joye
Cc: PHP internals
Date: Tue, 17 Jun 2014 12:32:45 +0200
Message-ID: <1403001165.2546.5998.camel@guybrush>

On Tue, 2014-06-17 at 10:26 +0200, Pierre Joye wrote:
> I think it is not worth the effort to keep maintaining something that
> will never be as safe as system level permissions.
>
> What do you think about removing it in php 6? Thoughts?

I don't see big maintenance issues.
Most stream operations use PHP streams, which encapsulate that. Now there are 25 extensions directly referring to open_basedir. From a quick look it seems that in all of those cases we'd have to replace the open_basedir check by resolving using VCWD (which open_basedir checks do implicitly [1]), which is required by TSRM, thus we wouldn't win anything there.

Secondly, yes, this is not secure and not safe (and luckily not called safe_basedir), but it is a mitigation against easy exploitation of programming bugs and as such serves a purpose even when not protecting against truly malicious people, especially ones with script execution privileges.

johannes

[1] In some cases there might be bugs due to missing extra VCWD, which I didn't check now; might be worth checking by somebody interested in TSRM.
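The mitigation the reply describes, as an added example that is not part of the thread: a deliberately unvalidated file read (the "programming bug") is run once without and once with open_basedir, showing how PHP's resolved-path check blocks the traversal that the buggy code would otherwise allow. The `show_file` function and all paths are constructed for this demo.

```php
<?php
// Added example, not code from the PHP internals thread. Demonstrates
// open_basedir as a mitigation for an unvalidated path built from input.

// Constructed sandbox: one legitimate file inside "public", one file outside it.
$base = sys_get_temp_dir() . '/ob_demo_' . getmypid();
mkdir($base . '/public', 0700, true);
file_put_contents($base . '/public/readme.txt', "public content\n");
file_put_contents($base . '/secret.txt', "outside the allowed directory\n");

// Simulated vulnerable code (hypothetical): $name is caller-controlled and is
// concatenated into the path without any validation. The "@" only hides the
// warning PHP emits ("open_basedir restriction in effect") so the output
// below stays readable; the call still returns false when blocked.
function show_file(string $dir, string $name): string
{
    $data = @file_get_contents($dir . '/' . $name);
    return $data === false ? '[blocked or missing]' : trim($data);
}

echo "without open_basedir:\n";
echo '  readme.txt    -> ', show_file($base . '/public', 'readme.txt'), "\n";
echo '  ../secret.txt -> ', show_file($base . '/public', '../secret.txt'), "\n";

// open_basedir may only be tightened at runtime, never widened. PHP resolves
// the requested path (the VCWD resolution the mail refers to) before the
// prefix comparison, so "../" segments and symlinks cannot step outside it.
ini_set('open_basedir', $base . '/public');

echo "with open_basedir={$base}/public:\n";
echo '  readme.txt    -> ', show_file($base . '/public', 'readme.txt'), "\n";
echo '  ../secret.txt -> ', show_file($base . '/public', '../secret.txt'), "\n";

// Cleanup is itself subject to the restriction now: only the allowed
// directory can be touched from this process. Remove $base by hand afterwards.
unlink($base . '/public/readme.txt');
echo "leftover files to remove manually: {$base}\n";
```

The second `../secret.txt` line prints `[blocked or missing]` because the resolved path no longer lies under the configured directory; run it with the `@` removed to see the exact warning text PHP emits.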