On Fri, 19 Mar 2004, Ilia Alshanetsky wrote:
> I am not suggesting we remove open_basedir or safe_mode although I still
> maintain they are horrible kludges implemented in the wrong place as it is
> not the job of a scripting language to implement file system security. Adding
> further hacks prevents the development of real solutions to the problem
> rather than hacks trivially bypassed.

This is also not the argument here. How many times have you heard me say that this should not be PHP's problem? It is architecturally incorrect to fix this problem in PHP and it can never be done correctly. However, PHP is also the pragmatic solution to the web problem and until such a time when someone else decides to actually fix this, we have to address it.

And I completely don't buy the "improving our hacks prevents development of a real solution" argument. If we were talking about the same developers working on both, or even if there was a clear way to solve the actual problem that argument might have some weight, but it isn't the same developers nor is there a straightforward way to solve this just looking for someone to sit down and write the code. Even if someone was to actually fix the perchild MPM in Apache2 that still leaves us with all the thread safety problems in many extensions and the lack of tools to debug these problems. And a non-threaded perchild implementation doesn't make any sense.

So where does this leave us? Looking for ideas and stuck with open_basedir for a while which in my opinion means we need to make our crappy hack as useful as possible since there is no sign of a white knight arriving any time soon to solve this problem for us.

-Rasmus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php