Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:74970
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 87611 invoked from network); 18 Jun 2014 06:29:23 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Jun 2014 06:29:23 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.48 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.192.48 mail-qg0-f48.google.com  
Received: from [209.85.192.48] ([209.85.192.48:58888] helo=mail-qg0-f48.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B8/03-01877-1C131A35 for <internals@lists.php.net>; Wed, 18 Jun 2014 02:29:21 -0400
Received: by mail-qg0-f48.google.com with SMTP id q108so339762qgd.7
        for <internals@lists.php.net>; Tue, 17 Jun 2014 23:29:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=0zrR9YQnT/wQ6TlomgUVOhcT4/B/GGX6MhLHG+Uf3R0=;
        b=0XOimgrhETpYkquNdBxIH+jbOCpyfZqO4Af23tsqgoCYcFO+qG3ENsE6sexCNrrbjS
         TelYvV8z/336/zfuc/ElwW9efFimERmK/Euf5LGgomxgp/va6C5InmAAkPPOwQvpciT0
         UybiMkYEmWHxZkw9o22oW4t/F+G7CDXTLErE0xBuMFsdlu9zop7rrcVEjC/lm2ul0tWZ
         aQiCzZJhVCkOrvtmiBlbUiB+fZ4eVjskI8/NboGqMaSk9uio4BBaPJL1RosndXF0coF4
         6kgQBg9f4wxyNHWcxW1GtfQU0Ok22wfl0ieKuc09RrT3XEzi+mC+lsJ9luTSCwR3yodE
         OAwQ==
MIME-Version: 1.0
X-Received: by 10.224.29.76 with SMTP id p12mr86033qac.18.1403072958839; Tue,
 17 Jun 2014 23:29:18 -0700 (PDT)
Received: by 10.140.37.115 with HTTP; Tue, 17 Jun 2014 23:29:18 -0700 (PDT)
In-Reply-To: <53A12C3D.1060808@sugarcrm.com>
References: <CAEZPtU7rc+JpguO=Ke8UmiLLaidvyJEQ81C9Lsvn8yHgkp=+qw@mail.gmail.com>
	<53A10C5B.1000003@lerdorf.com>
	<CAEZPtU7=rKAuucx61NUqteoD4z-w6RK0dLQKKK=RRjVnxkViug@mail.gmail.com>
	<53A12C3D.1060808@sugarcrm.com>
Date: Wed, 18 Jun 2014 08:29:18 +0200
Message-ID: <CAEZPtU6wrE0P1UmUP4f8_OX7=vFyObTChKbFg7h-qiq0Eh6YtQ@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] PHP6, drop open_basedir?
From: pierre.php@gmail.com (Pierre Joye)

On Wed, Jun 18, 2014 at 8:05 AM, Stas Malyshev <smalyshev@sugarcrm.com> wrote:
> Hi!
>
>> It gives a false sense of safety, and that alone for me is a good
>> enough reason to remove it. it is not as bad as safe_mode but simply
>> not good.
>
> If you use it right, it does not. Every security feature would give you
> false sense of safety if you use it wrong - but that alone is not the
> reason to not have it at all, if it has legitimate uses. IMO
> open_basedir does.
>
>> That being said I have no issue with keeping it besides the lost
>> opportunity to get rid of an old bad decision.
>
> Bad decision was to brand open_basedir as security function that allows
> defense against attacker with PHP code execution rights. It is obvious
> we can not deliver on this promise. However, it does not mean that used
> differently - e.g. as a safeguard in your own code to not access things
> that you don't want this code to access by mistake - it can not be used.
> I think it can.

This exact example is easily done using system features.

Anyway, we have different views and that's why I started to this
thread, to know other views :)

I will still create a RFC to get an official result on that as all the
users I talked to, as well as security people, consider this feature
as a problem.

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org