Rasmus Lerdorf wrote:

>> Heh, I am certain that most ISP admins are not subscribed to the
>> development list of every software they are running, monitoring such
>> lists would be near impossible due to large cumulative volume of email. I
>> am sure some ISPs will do exactly what you suggest and disable the
>> function, but what about the next function which bypasses safe_mode
>> etc...? Eventually, they'd need to disable every file system function.
>> Btw here is yet another thing against which safemode does not protect.
>>
>> while(1) fopen(rand(), "w");
>>
>> After a few seconds depending on system speed system will run out of file
>> pointers. I am sure you can see how that would be BAD.
> 
> That's not safe-mode's job.

Maybe there should be a general security system designed for PHP5. Safe Mode 
is an ugly hack by design, and that's bad. 

PHP being a web server scripting language is a unique case, for example 
consider that once apache 2.0 becomes stable, safe_mode will become 
obsolete, on the other hand the situation described here will become quite 
deadly if some sort of threaded mode is used. So FD limit would become 
quite useful.  

Perhaps PHP5 should have some sort of general "security/attributes manager", 
where you can set up attributes, and it's the job of function designers to 
query those attributes, for example, some sort of entry in php.ini saying 
something like

security.funcs.fopen.server.maxfdperscript=50

so a developer could query this in a form of secvalue('maxfdperscript'); 
which would return 50....
It would also be convenient for this system to support masks

*.maxfdperscript=50

various other security options can be controlled in such a way. Giving some 
sort of standard way to set those attributes up. 

Now as far as safe_mode is concerned, it indeed does need to go away, it's a 
poorly coded hack that should not be there. Why is it wrong? Well, let me 
explain something.

Those bugs that Ilia reported I knew for quite a while, and I specifically 
chose not to report safemode bugs to php-dev because once they are fixed my 
job as a developer would become more difficult, Ilia there did most of us a 
disfavor by actually turning a few of them in because now it's going to 
be more difficult to write scripts that work well on all possible configs.

Now, what does that tell you about an extension where reporting bugs in it 
becomes DISADVANTAGEOUS to a large userbase that for the most part wishes the 
best for php?

Ilia, please refrain from reporting more bugs about safemode, as you will 
only make our life more difficult in php4+apache 1.x days.


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
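
The attribute lookup proposed in the message above, sketched in userland PHP as an added example; it is not code from the post or from PHP itself. secvalue(), the security.* keys and the FdBudget class are hypothetical, and the rule that an exact entry overrides a "*." mask is an assumption the message does not state.

```php
<?php
// Added sketch (PHP 8+). secvalue() and the security.* keys are the e-mail's
// proposal, not an existing PHP API; the mask precedence is an assumption.
// Constructed sample of the proposed php.ini entries:
const SAMPLE_INI = <<<'INI'
*.maxfdperscript=50
security.funcs.fopen.server.maxfdperscript=3
INI;

function load_policy(string $text): array {
    $policy = [];
    foreach (preg_split('/\R/', trim($text)) as $line) {
        if (!str_contains($line, '=')) continue;   // skip blank or malformed lines
        [$key, $value] = array_map('trim', explode('=', $line, 2));
        $policy[$key] = (int) $value;
    }
    return $policy;
}

// Exact "scope.attr" entry wins; otherwise fall back to the "*.attr" mask.
function secvalue(array $policy, string $scope, string $attr): ?int {
    return $policy["$scope.$attr"] ?? $policy["*.$attr"] ?? null;
}

// Per-script budget that a stream-opening function would consult (hypothetical).
final class FdBudget {
    private int $open = 0;
    public function __construct(private ?int $limit) {}
    public function fopen(string $path, string $mode) {
        if ($this->limit !== null && $this->open >= $this->limit) {
            throw new RuntimeException("maxfdperscript={$this->limit} reached");
        }
        $h = fopen($path, $mode);
        if ($h !== false) $this->open++;           // count only successful opens
        return $h;
    }
    public function fclose($h): bool {
        if ($ok = fclose($h)) $this->open--;       // closing frees budget again
        return $ok;
    }
}

$policy = load_policy(SAMPLE_INI);
$budget = new FdBudget(secvalue($policy, 'security.funcs.fopen.server', 'maxfdperscript'));
$held = [];
try {
    // The runaway loop from the quoted message, pointed at in-memory streams.
    while (true) $held[] = $budget->fopen('php://memory', 'w');
} catch (RuntimeException $e) {
    echo count($held), " streams opened, then refused: {$e->getMessage()}\n";
}
```

The cap is enforced per budget object here; a real implementation would have to live in the engine's stream layer so that scripts cannot bypass it by calling fopen() directly.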
