Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:8635
Return-Path: <rasmus@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 93601 invoked by uid 1010); 19 Mar 2004 23:19:48 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 93577 invoked from network); 19 Mar 2004 23:19:47 -0000
Received: from unknown (HELO colo.lerdorf.com) (66.198.51.121)
  by pb1.pair.com with SMTP; 19 Mar 2004 23:19:47 -0000
Received: from rasmus2.corp.yahoo.com (rasmus2.corp.yahoo.com [207.126.233.18])
	by colo.lerdorf.com (8.12.11/8.12.11/Debian-3) with ESMTP id i2JNJkDj012719;
	Fri, 19 Mar 2004 15:19:46 -0800
Date: Fri, 19 Mar 2004 15:19:41 -0800 (PST)
X-X-Sender: rasmus@thinkpad.lerdorf.com
To: Ilia Alshanetsky <ilia@prohost.org>
cc: internals@lists.php.net
In-Reply-To: <200403191801.31596.ilia@prohost.org>
Message-ID: <Pine.LNX.4.58.0403191504450.2205@thinkpad.lerdorf.com>
References: <61700.66.158.132.127.1079718509.squirrel@www.funio.com>
 <200403191709.29446.ilia@prohost.org> <Pine.LNX.4.58.0403191413140.2205@thinkpad.lerdorf.com>
 <200403191801.31596.ilia@prohost.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Status: No, hits=-4.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on colo
Subject: Re: [PHP-DEV] new security related directive for php-4.3.4
From: rasmus@php.net (Rasmus Lerdorf)

On Fri, 19 Mar 2004, Ilia Alshanetsky wrote:
> I am not suggesting we remove open_basedir or safe_mode although I still 
> maintain they are horrible kludges implemented in the wrong place as it is 
> not the job of scripting language to implement file system security. Adding 
> further hacks, prevents the development of real solutions to the problem 
> rather then hacks trivially bypassed.

This is also not the argument here.  How many times have you heard me say 
that this should not be PHP's problem?  It is architecturally incorrect to 
fix this problem in PHP and it can never be done correctly.  However, PHP 
is also the pragmatic solution to the web problem and until such a time 
when someone else decides to actually fix this, we have to address it.  
And I completely don't buy the "improving our hacks prevents development 
of a real solution" argument.  If we were talking about the same 
developers working on both, or even if there was a clear way to solve the 
actual problem that argument might have some weight, but it isn't the same 
developers nor is there a straightforward way to solve this just looking 
for someone to sit down and write the code.

Even if someone was to actually fix the perchild MPM in Apache2 that still 
leaves us with all the thread safety problems in many extensions and the 
lack of tools to debug these problems.  And a non-threaded perchild 
implementation doesn't make any sense.  So where does this leave us?  
Looking for ideas and stuck with open_basedir for a while which in my 
opinion means we need to make our crappy hack as useful as possible since 
there is no sign of a white knight arriving any time soon to solve this 
problem for us.

-Rasmus