Newsgroups: php.internals
Date: Fri, 19 Mar 2004 13:46:29 -0800 (PST)
From: rasmus@php.net (Rasmus Lerdorf)
To: Ilia Alshanetsky
cc: internals@lists.php.net, boulat@funio.com
Subject: Re: [PHP-DEV] new security related directive for php-4.3.4

On Fri, 19 Mar 2004, Ilia Alshanetsky wrote:
> On March 19, 2004 04:28 pm, boulat@funio.com wrote:
> > So then following your logic why not remove open_basedir, safe_mode, etc.
> > altogether from PHP, just to increase the performance?
>
> Because it would break BC. When these options were developed Apache 2 was not
> around and fastcgi support was flimsy at best. Using plain CGI (which MANY
> ISPs use) to run PHP is quite resource intensive.

Ilia, come back to reality man! Are you really suggesting that people use
Apache2 with the perchild MPM to solve this problem? If so, that's pretty
funny. I also fail to see how fastcgi solves the thousands of users on a
machine problem. It's not like fastcgi can switch back and forth either, so
you would need to run thousands of backend fastcgi php's all the time.

> The open_basedir, safe_mode are hacks that were added because webservers
> at the time didn't have the ability to easily distinguish individual
> user accounts and adjust the process uid/gid accordingly.

And they still don't.

-Rasmus