Zeev Suraski wrote:
At 04:43 PM 7/28/2005, Ilia Alshanetsky wrote:
Zeev Suraski wrote:
3. Introduce allow_remote_streams (effectively allow_url_fopens
renamed, except it doesn't affect include/require)
If this option is disabled, would it simply prevent loading URLs via
various file based functions and a like (like allow_url_fopen now) or
will it also include other streams operations like fsockopen (and
similar), cURL, effectively disable sockets extensions, etc?
What I had in mind was disabling streams, very much in the same way we
have allow_url_fopens=0 today. We could try and go beyond that and have
allow_remote_connections which would attempt to disable everything - but
I fear it would quickly become another safe_mode.
In addition, it wouldn't be a bad practice for each extension to provide
a way to disable remote connections in its context, or a way to
completely turn it off (in case it doesn't make sense without remote
connections), like George suggested.
IMHO we should restrict or "disabling" code to just the include/require
constructs, since that is the main cause for concern. Ultimately shy of
disabling php's ability to request remote files there is no way to
prevent an attacker from fetching remote code and then executing it.
However, disabling all ability to query remote data sources severely
cripples PHP capabilities, making many applications that need to do just
that stop working.
Ilia
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
