Ilia, please ensure that the patch is either backed out from or completely brought up to production quality for the PHP_4_3 tree, so that the old php.ini-dist recommendation works again.

; For Unix only. You may supply arguments as well (default: "sendmail -t -i").

Thanks

- Sascha

On Fri, 10 Oct 2003, Ilia Alshanetsky wrote:
> I'll revise the patch to allow for older configurations to work. I find it
> somewhat strange that you do not see a problem with allowing a function not
> intended for command execution to act as such. For the record not only
> safe_mode is affected, people who rely on disable_functions INI directive to
> disallow command execution would also be affected. Not to mention that this
> results in SIGPIPE and several writes to an invalid file descriptor.
>
> The BC break itself is not something that would force people to rewrite their
> code, the fix is a single line change inside PHP.ini that would make their
> system more secure and prevent searching for sendmail binary on every
> execution making the e-mail sending process slightly faster.
>
> Ilia
>
> On October 10, 2003 12:08 pm, Sascha Schumann wrote:
> > I don't buy the security line you are trying to tuck onto
> > your non-silent termination patch. If you are concerned
> > about safe mode, fine, enable the patch for safe mode only.
> >
> > Having a warning in the case that the shell execution failed
> > (it returns a non-zero error code, right?) makes sense, but
> > you are intentionally breaking configurations which work
> > flawlessly with older PHP versions.
> >
> > - Sascha
> >
> > On Fri, 10 Oct 2003, Ilia Alshanetsky wrote:
> > > Sascha,
> > >
> > > The purpose of the patch is to prevent silent termination of mail() when
> > > sendmail_path contains a non-existent path or a non-executable file. The
> > > backwards compatibility break was unintentional, however previous
> > > behavior may in fact be a security issue. Consider the following
> > > situation. I have sendmail_path set to "sendmail -t", inside my script I
> > > set PATH to ".", now by placing any executable file (sendmail) inside the
> > > current (or specified directory) I can execute it freely bypassing
> > > safe_mode, open_basedir and any other limitations. Same would be true if
> > > someone were to place a 'hostile' sendmail binary inside a directory
> > > whose PATH order precedes that of the real sendmail. It would allow the
> > > attacker to capture all text sent by PHP via e-mail.
> > > As I understand part of the reason for making sendmail_path system INI
> > > directive was to allow the server admin & only the server admin to
> > > control this directive. By allowing incomplete paths we potentially allow
> > > user to act as an admin.
> > >
> > > Ilia
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

- Sascha
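
An added example, not part of the thread and not PHP's own code: a small Python audit of the three conditions discussed above, flagging a sendmail_path whose binary is not an absolute path (so it is resolved through PATH), does not exist, or is not executable. The php.ini fragment and the function names are constructed for illustration, and trailing inline comments on the directive line are not handled.

```python
import os
import shlex

# Constructed php.ini fragment, using the setting quoted in the thread.
SAMPLE_INI = '''
[mail function]
; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
sendmail_path = sendmail -t -i
'''

def get_sendmail_path(ini_text):
    """Return the last uncommented sendmail_path value, or None."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or php.ini comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == "sendmail_path":
            value = val.strip().strip('"')
    return value

def audit_sendmail_path(value):
    """Return a list of findings; an empty list means no issue was found."""
    if not value:
        return ["sendmail_path is not set in this file"]
    try:
        argv = shlex.split(value)  # first token is the binary, rest are arguments
    except ValueError as exc:
        return [f"cannot parse value: {exc}"]
    binary = argv[0]
    if not os.path.isabs(binary):
        # The case debated in the thread: whoever controls PATH picks the binary.
        return [f"'{binary}' is not an absolute path; it is looked up through PATH"]
    if not os.path.isfile(binary):
        return [f"'{binary}' does not exist or is not a regular file"]
    if not os.access(binary, os.X_OK):
        return [f"'{binary}' is not executable"]
    return []

if __name__ == "__main__":
    for finding in audit_sendmail_path(get_sendmail_path(SAMPLE_INI)):
        print("FINDING:", finding)
```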