The new PECL package sandbox-0.1.1 (beta) has been released at https://pecl.php.net/.
Release notes ------------- - initial pecl release Package Info ------------- A sandbox is an isolated environment (a thread in our case); Things may go very badly wrong in the sandbox environment and not effect the environment that created it. This means that we must try very hard to limit the influence each environment has on the other. So the prototype and instructions of entry point "Closures" are verified to ensure they will not reduce or break isolation. In practice this means entry point closures must not: * accept or return by reference * accept or return non-scalar values (array, object) * execute a limited set of instructions Instructions prohibited directly in the sandbox are: * declare (anonymous) function * declare (anonymous) class * lexical scope access Nothing is prohibited in the files which the sandbox may include, but allowing these actions directly in the code which the sandbox executes at entry would break the isolation of the sandbox such that we couldn't be sure the system would remain stable. With these restrictions in place, we can be sure that a sandbox may do anything up to but excluding making PHP segfault, and not effect the environment that created it. Related Links ------------- Package home: https://pecl.php.net/package/sandbox Changelog: https://pecl.php.net/package-changelog.php?package=sandbox Download: https://pecl.php.net/get/sandbox-0.1.1.tgz Authors ------------- Remi Collet (lead) Joe Watkins <pthre...@pthreads.org> (lead) -- PECL development discussion Mailing List (http://pecl.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
