Andrew Garrett wrote:
> On 30/06/2009, at 9:42 PM, Aryeh Gregor wrote:
>> On Tue, Jun 30, 2009 at 4:25 PM, Brion Vibber <[email protected]> wrote:
>>> IMO by the time you've implemented your whitelisting parser you might as
>>> well just interpret it rather than eval()ing.
>> I don't think so. You'd only have to do the whitelisting once, on page
>> save. After that you could just execute with no extra overhead.
>
> That's just scary. We'd definitely want to do the validation as close as
> possible to the actual eval()ing, to minimise backdoors like Special:Import
> et al.
Executing PHP from apache-writable files saved on disk is also a security danger. The original implementation of the MonoBook skin used the TAL templating language, which was compiled into executable PHP at runtime and stored in /tmp so it could be cached for the next view. In addition to difficulties with hosts which had misconfigured /tmp directories, we found that people sharing their hosts with poorly-secured WordPress installations would end up finding their wikis hacked -- worms exploiting vulnerabilities in other PHP apps would hop around the system modifying any .php files they could write to... including the cached PHPTAL templates.

-- brion

_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
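The two cache designs the thread contrasts, as an added example that is not MediaWiki or PHPTAL code. The template syntax (`${name}` substitutes a variable, everything else is literal text), the `/tmp/tpl-cache-demo` directory and all function names are hypothetical. `renderViaIncludedCache` is the pattern Brion describes: compiled PHP written to a web-writable directory and `include`d on the next view, so anything that can write that file runs as the site. `renderViaDataCache` is the "interpret it rather than eval()ing" alternative applied to the cache: the compiled form is a JSON token list that a small interpreter renders, so a tampered cache file can at most corrupt output and can never execute server-side code.

```php
<?php
// Added example, not MediaWiki or PHPTAL code. The template syntax is a
// hypothetical one: ${name} substitutes a variable, everything else is text.
declare(strict_types=1);

// Hypothetical cache location, deliberately the kind of shared, web-writable
// directory the thread warns about.
const CACHE_DIR = '/tmp/tpl-cache-demo';

function cachePath(string $template, string $ext): string
{
    if (!is_dir(CACHE_DIR)) {
        mkdir(CACHE_DIR, 0700, true);
    }
    return CACHE_DIR . '/' . hash('sha256', $template) . '.' . $ext;
}

// Split the template into ['lit', text] and ['var', name] tokens.
function tokenize(string $template): array
{
    $tokens = [];
    $parts = preg_split('/(\$\{[A-Za-z_][A-Za-z0-9_]*\})/', $template, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    foreach ($parts as $part) {
        if (preg_match('/^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$/', $part, $m)) {
            $tokens[] = ['var', $m[1]];
        } else {
            $tokens[] = ['lit', $part];
        }
    }
    return $tokens;
}

// --- Weak pattern: compile to PHP source, park it in a writable dir, include() it.
function compileToPhp(string $template): string
{
    $php = "<?php\nreturn function (array \$vars): string {\n    \$out = '';\n";
    foreach (tokenize($template) as [$kind, $value]) {
        $php .= $kind === 'lit'
            ? '    $out .= ' . var_export($value, true) . ";\n"
            : '    $out .= htmlspecialchars((string)($vars[' . var_export($value, true)
              . "] ?? ''), ENT_QUOTES);\n";
    }
    return $php . "    return \$out;\n};\n";
}

function renderViaIncludedCache(string $template, array $vars): string
{
    $path = cachePath($template, 'php');
    if (!is_file($path)) {
        file_put_contents($path, compileToPhp($template), LOCK_EX);
    }
    // Whoever can write $path (another app on the host compromised while
    // running as the same user, a worm walking writable directories) now
    // runs arbitrary PHP as this site on the next page view.
    $render = include $path;
    return $render($vars);
}

// --- Hardened pattern: cache data, not code, and interpret it.
function renderTokens(array $tokens, array $vars): string
{
    $out = '';
    foreach ($tokens as $token) {
        if (!is_array($token) || count($token) !== 2 || !is_string($token[1])) {
            throw new RuntimeException('corrupt template cache');
        }
        [$kind, $value] = $token;
        if ($kind === 'lit') {
            $out .= $value;
        } elseif ($kind === 'var') {
            $out .= htmlspecialchars((string)($vars[$value] ?? ''), ENT_QUOTES);
        } else {
            throw new RuntimeException('corrupt template cache');
        }
    }
    return $out;
}

function renderViaDataCache(string $template, array $vars): string
{
    $path = cachePath($template, 'json');
    // json_decode, never unserialize(): the cache file is untrusted input.
    $tokens = is_file($path)
        ? json_decode((string) file_get_contents($path), true)
        : null;
    if (!is_array($tokens)) {
        $tokens = tokenize($template);
        file_put_contents($path, json_encode($tokens), LOCK_EX);
    }
    return renderTokens($tokens, $vars);
}

$template = '<p>Hello, ${name}!</p>';
$vars = ['name' => '<b>Brion</b>'];
echo renderViaIncludedCache($template, $vars), "\n";
echo renderViaDataCache($template, $vars), "\n";
```

Both functions produce the same escaped output on first and cached runs. The difference is the blast radius of a writable cache: overwrite the `.php` file and the next request executes the attacker's code; overwrite the `.json` file and the worst case is altered page content (a tampered `lit` token can still inject markup), which is why the interpreted cache only downgrades the problem. The `0700` mode on the directory does nothing against a process already running as the same user, so the durable fix the thread points at, not writing executable or trusted cache material anywhere other processes on the host can write, has to come from deployment layout rather than from code like this.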
