[PHP-DEV] Re: [PHP-DOC] Fwd: Re: [PHP-DEV] filesystem security questions
Can someone please help out Wez? ;) I don't really know what streams are about [it's not documented ;)], so if it's a new extension, Wez can start with copy-pasting one extensions documentation (see phpdoc/en/reference/ANY_EXTENSION_NAME). The XML files are quite self descriptive, so the tags to be used speak for themselfs. But we would also be happy with a nicely formatted text file (like the one in the overload/README), and so we can build up an XML file based on it. Goba -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
I personally thing there are FAR more important things to work on in this extension before we even address this issue. For instance: - relative xpath queries #1!! - namespace support in xpath (meaning auto register from the xml context) - fixing get_element_by_id to just name a few. Dan Rob Richards ([EMAIL PROTECTED]) wrote: The more I think about it, I dont know if streams should be done in the domxml extension currently. This is a big change from its current implementation and if it was to be undertaken, then why not just start fresh with the unified implementation? You are talking about implementing everything as streams (the dom, nodes, etc..) correct? Even with stream, how would this help in the following problem. You need to save your document to file. You may be passing it in as a stream, but when the libxml call is made it just requires a file path. validation on the file path is still going to be needed. I cant see using a stream for this as we are not doing any type of I/O here, just calling another library with a file path. I might be missing with streams, but after reading the readme, i still dont see how they will help in this situation. I feel like I got side tracked from my origional question and am back at square one. Rob Are you talking about your own extension or ext/domxml ? I think (but could be wrong) that sooner or later streams should be used everyone for consistency. - Markus -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- Daniel Allen, [EMAIL PROTECTED] http://www.mojavelinux.com/ Microsofts's Law of Software Engineering: Don't worry if it doesn't work right. If everything did, we'd be out of a job. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
If one of the doc guys can create a section in the docs as a skeleton, I'll make an effort to fill in the docs, but I have very limited time for a couple of months :-/ --Wez. On 08/06/02, Andi Gutmans [EMAIL PROTECTED] wrote: At 12:42 PM 6/8/2002 +0200, Markus Fischer wrote: Practically, there's no documentation about streams except some mail Wez sent to php-dev@ a few weeks (months?) ago (and the sources, of course), I hope you can find it in the archives. Maybe we can get Wez to write complete documentation for the API docs? :) Andi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Fwd: Re: [PHP-DEV] filesystem security questions
Can someone please help out Wez? ;) Thanks, Andi From: Wez Furlong [EMAIL PROTECTED] Date: Wed, 12 Jun 2002 01:39:53 +0100 To: Andi Gutmans [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], Wez Furlong [EMAIL PROTECTED] Subject: Re: [PHP-DEV] filesystem security questions If one of the doc guys can create a section in the docs as a skeleton, I'll make an effort to fill in the docs, but I have very limited time for a couple of months :-/ --Wez. On 08/06/02, Andi Gutmans [EMAIL PROTECTED] wrote: At 12:42 PM 6/8/2002 +0200, Markus Fischer wrote: Practically, there's no documentation about streams except some mail Wez sent to php-dev@ a few weeks (months?) ago (and the sources, of course), I hope you can find it in the archives. Maybe we can get Wez to write complete documentation for the API docs? :) Andi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] filesystem security questions
I have a few questions about correctly implementing safe_mode, open_basedir and allow_url checks within an extension. Probably an easy question, but I have seen it implemented in various ways in different extensions and want to make sure i implement this correctly. allow_url checks: is there a standard function which produces an error if not allowed, or do I just handle this within the extension after testing with PG(allow_url_fopen)? safe_mode: this is done by testing both php_check_safe_mode_include_dir and php_checkuid if safe_mode is enabled, correct? open_basedir: this is just done with php_check_open_basedir? Is there any precedence of the safe_mode and open_basedir checks or does it need to pass both checks? Are there any other checks i am missing to implement filesystem security within an extension? Thanks, Rob -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
Hi, On Sat, Jun 08, 2002 at 06:22:29AM -0400, Rob Richards wrote : I have a few questions about correctly implementing safe_mode, open_basedir and allow_url checks within an extension. Probably an easy question, but I have seen it implemented in various ways in different extensions and want to make sure i implement this correctly. allow_url checks: is there a standard function which produces an error if not allowed, or do I just handle this within the extension after testing with PG(allow_url_fopen)? In CVS HEAD we've a new, generic implemention called 'streams'. The streams implementation takes care of this. See main/streams.c in locate_url_wrapper (which is called when you create a new stream): if (wrapper wrapper-is_url !PG(allow_url_fopen)) { zend_error(E_WARNING, URL file-access is disabled in the server configuration); return NULL; } Practically, there's no documentation about streams except some mail Wez sent to php-dev a few weeks (months?) ago (and the sources, of course), I hope you can find it in the archives. safe_mode: this is done by testing both php_check_safe_mode_include_dir and php_checkuid if safe_mode is enabled, correct? open_basedir: this is just done with php_check_open_basedir? I leave this open as I'm not an expert in this field. Current implementation seem to call php_checkuid first and then php_check_open_basedir (grep for the functions in ext/standard/* ). - Markus -- GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
At 12:42 PM 6/8/2002 +0200, Markus Fischer wrote: Practically, there's no documentation about streams except some mail Wez sent to php-dev a few weeks (months?) ago (and the sources, of course), I hope you can find it in the archives. Maybe we can get Wez to write complete documentation for the API docs? :) Andi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
I think using stream functions may be overkill for what I need to do. While fixing an issue with using relative paths in domxml and decided to add filesecurity features in at the same time. The file path comes in as a string and is sent directly to libxml as such. also, going through the locate_url_wrapper function, it looks like it defines acceptable protocols to use. Also, libxml has its own routines for remote file access, so in the event a new protocol is used (right now it is just http and ftp), should the extension disallow the use of other protocols if it is not supported in php? may not be an issue. right now I am using the following to test for a remote path: if (!strncasecmp(file,http://;, 7) || !strncasecmp(file,ftp://;, 6)) { which could be expanded upon if additional protocols are added to libxml. I could be wrong (wouldn't be the first time), but I am not sure if I really need to use the streams functions as I wont be doing anything with the returned wrapper. Thanks Rob - Original Message - From: Markus Fischer [EMAIL PROTECTED] In CVS HEAD we've a new, generic implemention called 'streams'. The streams implementation takes care of this. See main/streams.c in locate_url_wrapper (which is called when you create a new stream): if (wrapper wrapper-is_url !PG(allow_url_fopen)) { zend_error(E_WARNING, URL file-access is disabled in the server configuration); return NULL; } -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
Hi Rob, At 13:22 8-6-2002, Rob Richards shared with all of us: right now I am using the following to test for a remote path: if (!strncasecmp(file,http://;, 7) || !strncasecmp(file,ftp://;, 6)) { which could be expanded upon if additional protocols are added to libxml. From a user's point of view: Sablotron uses scheme handlers, which can be registered for a certain protocol. This allows custom protocols to be added in php. Would love to see the same thing apply to domxml and if eventually resources between the different extensions could be passed arround, this would certainly help. One could do it like this for instance: !ENTITY % dynamic SYSTEM domxml://resourcename/rootnode/entityblock/entityname %dynamic; and vice-versa for xml-stylesheet PI's. The remote check would be static: if(!strncasecmp(file, file://, 7)) || !strncasecmp(file, sablot://, 9)) { Then through a case statement of 'known' schemes and any that require safe_mode could go through the streams. Any custom schemas that are registered in php, would have to call fopen/sockets/whatever and are handled by streams/safe_mode automatically. 2c. Met vriendelijke groeten / With kind regards, IDG.nl Melvyn Sopacua Webmaster -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
Are you talking about your own extension or ext/domxml ? I think (but could be wrong) that sooner or later streams should be used everyone for consistency. - Markus On Sat, Jun 08, 2002 at 07:22:25AM -0400, Rob Richards wrote : I think using stream functions may be overkill for what I need to do. While fixing an issue with using relative paths in domxml and decided to add filesecurity features in at the same time. The file path comes in as a string and is sent directly to libxml as such. also, going through the locate_url_wrapper function, it looks like it defines acceptable protocols to use. Also, libxml has its own routines for remote file access, so in the event a new protocol is used (right now it is just http and ftp), should the extension disallow the use of other protocols if it is not supported in php? may not be an issue. right now I am using the following to test for a remote path: if (!strncasecmp(file,http://;, 7) || !strncasecmp(file,ftp://;, 6)) { which could be expanded upon if additional protocols are added to libxml. I could be wrong (wouldn't be the first time), but I am not sure if I really need to use the streams functions as I wont be doing anything with the returned wrapper. Thanks Rob - Original Message - From: Markus Fischer [EMAIL PROTECTED] In CVS HEAD we've a new, generic implemention called 'streams'. The streams implementation takes care of this. See main/streams.c in locate_url_wrapper (which is called when you create a new stream): if (wrapper wrapper-is_url !PG(allow_url_fopen)) { zend_error(E_WARNING, URL file-access is disabled in the server configuration); return NULL; } -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc Did I help you?http://guru.josefine.at/wish_en Konnte ich helfen? http://guru.josefine.at/wish_de -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
I am talking about the domxml. After thinking about a bit and reading the post from Melvyn, I think that streams might be the way to go, but not quite positive yet. In a long term sense, I am just not sure how far domxml is going to go; meaning the discussion of the unified xml implementation. I dont know where this stands, though don't see it being rolled out in the immediate future with all that needs to be done, and assume that it will replace domxml. It looks like there will be two tracks here. One maintaining domxml and they other working on the unified implementation. With that in mind, where should the focus of development on domxml be? I would like to see it get out of experimental stage and considered stable. It may not include all the bells and whistles, but at least for the functionality it does support, it is considered solid. Rob - Original Message - From: Markus Fischer [EMAIL PROTECTED] To: Rob Richards [EMAIL PROTECTED] Cc: Php-Dev List [EMAIL PROTECTED] Sent: Saturday, June 08, 2002 10:16 AM Subject: Re: [PHP-DEV] filesystem security questions Are you talking about your own extension or ext/domxml ? I think (but could be wrong) that sooner or later streams should be used everyone for consistency. - Markus -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] filesystem security questions
The more I think about it, I dont know if streams should be done in the domxml extension currently. This is a big change from its current implementation and if it was to be undertaken, then why not just start fresh with the unified implementation? You are talking about implementing everything as streams (the dom, nodes, etc..) correct? Even with stream, how would this help in the following problem. You need to save your document to file. You may be passing it in as a stream, but when the libxml call is made it just requires a file path. validation on the file path is still going to be needed. I cant see using a stream for this as we are not doing any type of I/O here, just calling another library with a file path. I might be missing with streams, but after reading the readme, i still dont see how they will help in this situation. I feel like I got side tracked from my origional question and am back at square one. Rob Are you talking about your own extension or ext/domxml ? I think (but could be wrong) that sooner or later streams should be used everyone for consistency. - Markus -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php