Stanislav Malyshev wrote:
>> include to work on those. Making a hack in PHP to allow "phar://"
>> streams to work is a bad idea, a C-extension can easily work here.
> 
> So from now on, every time we would want to use a user stream we'd have to do
> a C extension and all user stream functionality in PHP is just useless?
> And all that for some weird reincarnation of safe mode again? I don't
> know how it sounds to you, but to me it sounds like a really broken way to
> do things - throwing away perfectly good and working userspace streams
> because of pseudo-security configurations.

Hi,

I'd like to remind everyone that I brought up this issue when it was
originally proposed to make userspace streams always remote and to
disable allow_url_fopen/allow_url_include.  This was in the days when
Esser was still around, to put it in context.

The only solution that would allow userspace streams to function *and*
allow security would be to implement safe_mode 2.0: disable all remote
access functions when inside a streams handler.  The implementation is
actually quite simple on the surface, but immensely complex in reality,
as it would require combing through every internal PHP function or class
that can possibly access the outside world, and disabling it.  Otherwise
users will be able to circumvent allow_url_fopen by writing a simple
stream wrapper that just downloads the crap and returns it as an $fp.

However, could we take another look at the purpose of
allow_url_include/fopen?  Isn't it to prevent stupid users from shooting
themselves in the foot with code like:

<?php
// The foot-shooting pattern: the request decides which file (or URL) gets
// opened and which file gets included.
$a = fopen($_GET['dumbidea'], 'r');   // fopen() requires a mode argument
include $_GET['waystupididea'];
?>

allow_url_include/allow_url_fopen do not prevent users from downloading
code and executing it intentionally; that is the job of a firewall.

I know the idea of a taint mode was sort of discarded (I think it was,
that was one loooong thread), but realistically, this is probably the
better way to a more secure fopen and include without a more difficult
safe mode-esque solution.

All security experts say security is a tradeoff between convenience and
safety, and the convenience of userspace stream wrappers will simply
disappear in the name of the safety of preventing remote code execution
vulnerabilities.

Thanks,
Greg

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
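The post above argues that allow_url_include/allow_url_fopen exist to stop request-controlled fopen()/include calls, not to stop deliberate downloads. The following is an added example, not code from this thread or from PHP itself, showing how an application can enforce that rule on its own side so that it does not depend on the ini setting or on which stream wrappers happen to be registered. The function names (resolveIncludePath, renderTemplate), the template directory layout and the sample template are assumptions made for the demonstration.

```php
<?php
// Added example (not from the original thread): a guarded include that
// enforces "the request never chooses a path" regardless of the
// allow_url_include / allow_url_fopen settings.
// Assumed layout (hypothetical): includable templates live under one fixed
// directory and are addressed by a short identifier, never by a path.

declare(strict_types=1);

/**
 * Resolve a user-supplied template name to a file under $baseDir, or throw.
 *
 * Rejects anything carrying a stream scheme ("http://", "phar://", any
 * userspace wrapper), any traversal, and any resolved path that escapes
 * $baseDir. Returns the canonical absolute path of a local .php file.
 */
function resolveIncludePath(string $baseDir, string $name): string
{
    // Identifiers only: "../", "://" and NUL bytes cannot be expressed
    // with this character set, so no scheme or traversal survives this check.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException("invalid template name");
    }

    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException("template directory missing");
    }

    // realpath() follows symlinks and returns false for missing files, so a
    // symlink planted inside $baseDir that points elsewhere is caught by the
    // prefix comparison below rather than silently followed.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    if ($candidate === false) {
        throw new RuntimeException("template not found");
    }

    // Defence in depth: the regex already excludes schemes, but an explicit
    // check keeps the intent visible if the character class is ever relaxed.
    if (strpos($candidate, '://') !== false) {
        throw new RuntimeException("stream wrappers are not includable");
    }

    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("template outside template directory");
    }

    return $candidate;
}

/** Include the vetted template and return its output as a string. */
function renderTemplate(string $baseDir, string $name, array $vars = []): string
{
    $path = resolveIncludePath($baseDir, $name);
    extract($vars, EXTR_SKIP);   // expose template variables; never overwrite $path
    ob_start();
    include $path;               // $path is a local .php file under $baseDir
    return (string) ob_get_clean();
}

// Constructed demo: one legitimate template in a temporary directory.
$baseDir = sys_get_temp_dir() . '/tpl_' . getmypid();
mkdir($baseDir, 0700);
file_put_contents(
    $baseDir . '/welcome.php',
    '<?php echo "Hello, ", htmlspecialchars($user, ENT_QUOTES), "!";'
);

// The first name is accepted; the rest are the request-controlled values the
// post warns about and are refused before fopen()/include ever see them.
$requests = ['welcome', '../../etc/passwd', 'http://example.invalid/x', 'phar://a.phar/b'];
foreach ($requests as $name) {
    try {
        echo renderTemplate($baseDir, $name, ['user' => 'Greg']), "\n";
    } catch (Exception $e) {
        echo "refused '$name': ", $e->getMessage(), "\n";
    }
}

unlink($baseDir . '/welcome.php');
rmdir($baseDir);
```

The identifier whitelist does the real work; realpath() plus the prefix comparison is the backstop for symlinks and for any future loosening of the pattern. Keeping allow_url_include off remains the sensible baseline; this code is what keeps the application safe when that baseline is not under its control.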