Newsgroups: php.internals
Message-ID: <53A36193.1010700@gmail.com>
Date: Fri, 20 Jun 2014 00:17:55 +0200
To: PHP Developers Mailing List
Subject: Re: [PHP-DEV] PHP6, drop open_basedir?
From: keisial@gmail.com (Ángel González)

-1

Even when you use a dedicated user per vhost, a defense in depth strategy where you additionally restrict the to not access /tmp or /etc seems right.*

Note containers/VM are not always available.

chroot + bind mounts _would_ be able to provide that restriction, but it is a messy setup, both in folder structure and in polluting the mounts.

AppArmor can be an alternative (assuming you have that LSM in your kernel) although you may need some trickery, as (IMHO) you can't have a profile with different paths depending on the uid (and good luck on restricting things like the php error log).

I think you should provide -for a few of those alternatives- a recipe of "translating" an open_basedir to provide the same restriction. I suspect it will be quite hard to do (without requiring more server features -sometimes an upgrade-), especially when you start facing requisites like "don't allow enumerating the other accounts on this host".

* Obviously, this can only work if the user can't exec outside of the php process.

PS: I also disagree with the statement «mod_php but I think it is acceptable as it is mostly used as development server», but it may be considered ‘right’ to remove open_basedir even without that premise.