Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74971 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 95371 invoked from network); 18 Jun 2014 07:57:14 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Jun 2014 07:57:14 -0000 Authentication-Results: pb1.pair.com header.from=lester@lsces.co.uk; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=lester@lsces.co.uk; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lsces.co.uk from 217.147.176.214 cause and error) X-PHP-List-Original-Sender: lester@lsces.co.uk X-Host-Fingerprint: 217.147.176.214 mail4-2.serversure.net Linux 2.6 Received: from [217.147.176.214] ([217.147.176.214:39722] helo=mail4.serversure.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 37/64-01877-75641A35 for ; Wed, 18 Jun 2014 03:57:12 -0400 Received: (qmail 3411 invoked by uid 89); 18 Jun 2014 07:57:08 -0000 Received: by simscan 1.3.1 ppid: 3403, pid: 3408, t: 0.1022s scanners: attach: 1.3.1 clamav: 0.96/m:52 Received: from unknown (HELO ?10.0.0.112?) (lester@rainbowdigitalmedia.org.uk@81.138.11.136) by mail4.serversure.net with ESMTPA; 18 Jun 2014 07:57:08 -0000 Message-ID: <53A14652.1060709@lsces.co.uk> Date: Wed, 18 Jun 2014 08:57:06 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: PHP internals References: <53A10C5B.1000003@lerdorf.com> <53A12C3D.1060808@sugarcrm.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] PHP6, drop open_basedir? From: lester@lsces.co.uk (Lester Caine) On 18/06/14 07:29, Pierre Joye wrote: >> Bad decision was to brand open_basedir as security function that allows >> > defense against attacker with PHP code execution rights. It is obvious >> > we can not deliver on this promise. However, it does not mean that used >> > differently - e.g. as a safeguard in your own code to not access things >> > that you don't want this code to access by mistake - it can not be used. >> > I think it can. > This exact example is easily done using system features. > > Anyway, we have different views and that's why I started to this > thread, to know other views :) > > I will still create a RFC to get an official result on that as all the > users I talked to, as well as security people, consider this feature > as a problem. I keep being told 'If you don't like it you don't have to use it' but if you remove something that I like I have little choice. As indicated this is NOT a security feature, but simply a ring fence which DOES pick up silly mistakes like copying code from one branch or site to another without correcting the paths. Something which is difficult to find in the IDE often, but sticks out like a saw thumb in the run level. If you can explain how to provide that ring fence another way then I'd be happy to conciser it, but this does have a use other than some additional magic bullet for security. It simply prevents access cross path where a user does have valid access rights to all of the paths. Given the right wrapper in the deployment it works well ... if you don't like it simply switch it off ... -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk