Re: [Discussion] Sandbox API

From:	Niels Dossche	Date:	Tue, 06 Aug 2024 19:13:56 +0000
Subject:	Re: [Discussion] Sandbox API
References:	1 2 3 4	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On 06/08/2024 21:05, Rob Landers wrote:

> Hey Niels,
> 
> I find this assertion kind of scary from a shared hosting perspective or even from a 3v4l kind
> of perspective. How do these services protect themselves if php is inherently insecure?
> 
> — Rob

Hi Rob

I'm not a sysadmin guy or anything like that, so I don't know how shared hosting stacks
looks like in practice.
But containers, chroot jails, seccomp-bpf, ... can offer protection. And you should be doing those
things anyway (as a matter of defense-in-depth) if you're offering servers running untrusted
code.

Kind regards
Niels


   

Thread (15 messages)

• Nick LockheartTue, 06 Aug 2024 06:09:34 +0000
  • Nick LockheartTue, 06 Aug 2024 08:41:56 +0000
    • Rob LandersTue, 06 Aug 2024 08:54:07 +0000
      • Nick LockheartTue, 06 Aug 2024 17:28:08 +0000
        • Rob LandersTue, 06 Aug 2024 18:51:30 +0000
          • Nick LockheartWed, 07 Aug 2024 09:55:11 +0000
    • Niels DosscheTue, 06 Aug 2024 18:59:03 +0000
      • Rob LandersTue, 06 Aug 2024 19:05:40 +0000
        • Niels DosscheTue, 06 Aug 2024 19:13:56 +0000
        • Pierre JoyeWed, 07 Aug 2024 11:02:06 +0000
        • Nick LockheartWed, 07 Aug 2024 12:09:04 +0000
          • Pierre JoyeWed, 07 Aug 2024 12:49:30 +0000
      • Christoph M. BeckerWed, 07 Aug 2024 11:11:50 +0000
  • Mike SchinkelTue, 06 Aug 2024 08:57:39 +0000
  • Calvin BuckleyWed, 07 Aug 2024 13:51:15 +0000