Re: [Concept] Flip relative function lookup order (global, then local)

From:	Ilija Tovilo	Date:	Wed, 21 Aug 2024 18:10:50 +0000
Subject:	Re: [Concept] Flip relative function lookup order (global, then local)
References:	1 2	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi John

On Wed, Aug 21, 2024 at 8:02 PM John Coggeshall <[email protected]> wrote:
>
> This is an attack vector for every application and I would argue should be a real concern for
> the vast majority of applications  out there -- any which rely on namespace-based frameworks and
> composer packages from untrustworthy sources. It's not just Wordpress -- literally every single
> PHP application that uses a publicly available framework and consumes external composer packages
> should be FQing their internal function calls. The natural behavior of the language shouldn't
> be the insecure way of doing things for the sake of maintaining BC compatibility with existing,
> insecure, code.

Including a malicious composer package already allows for arbitrary
code execution, do you really need more than that?

Ilija


   

Thread (112 messages)

• Ilija ToviloFri, 02 Aug 2024 16:51:33 +0000
  • Rob LandersFri, 02 Aug 2024 17:08:36 +0000
    • Ilija ToviloSun, 04 Aug 2024 17:41:17 +0000
      • Alexandru PătrănescuTue, 20 Aug 2024 08:01:10 +0000
        • Nick LockheartTue, 20 Aug 2024 08:41:23 +0000
          • Rob LandersTue, 20 Aug 2024 09:01:34 +0000
        • Levi MorrisonTue, 20 Aug 2024 15:14:05 +0000
          • Ilija ToviloTue, 20 Aug 2024 17:04:39 +0000
            • Faizan Akram DarTue, 20 Aug 2024 21:56:50 +0000
              • Rob LandersTue, 20 Aug 2024 22:20:51 +0000
          • Christian SchneiderWed, 21 Aug 2024 02:24:00 +0000
            • Levi MorrisonWed, 21 Aug 2024 06:05:49 +0000
            • Faizan Akram DarWed, 21 Aug 2024 07:44:10 +0000
              • Christian SchneiderWed, 21 Aug 2024 09:22:40 +0000
      • Rowan Tommins [IMSoP]Thu, 22 Aug 2024 21:32:13 +0000
        • Mike SchinkelThu, 22 Aug 2024 23:15:19 +0000
          • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 06:39:41 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
            • Nick LockheartFri, 23 Aug 2024 07:27:39 +0000Re: [Concept] Flip relative function lookup order (global, then local)
              • Rob LandersFri, 23 Aug 2024 07:46:47 +0000
                • Nick LockheartFri, 23 Aug 2024 08:08:25 +0000
                  • Rob LandersFri, 23 Aug 2024 09:13:39 +0000
                    • Nick LockheartFri, 23 Aug 2024 09:34:06 +0000
                      • Christian SchneiderFri, 23 Aug 2024 10:14:28 +0000
                        • Rob LandersFri, 23 Aug 2024 10:27:21 +0000
                          • Christian SchneiderFri, 23 Aug 2024 12:56:21 +0000
                            • Rob LandersFri, 23 Aug 2024 13:16:19 +0000
                            • Mike SchinkelFri, 23 Aug 2024 13:44:39 +0000
                  • Mike SchinkelFri, 23 Aug 2024 11:52:01 +0000
                    • Christoph M. BeckerFri, 23 Aug 2024 12:13:44 +0000Re: [Concept] Flip relative function lookup order (global,then local)
                  • Stephen ReayFri, 23 Aug 2024 13:18:50 +0000
              • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 08:52:28 +0000
            • Mike SchinkelFri, 23 Aug 2024 11:29:04 +0000Re: [Concept] Flip relative function lookup order (global, then local)
              • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 11:50:10 +0000
                • Mike SchinkelFri, 23 Aug 2024 12:04:22 +0000
                  • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 12:33:45 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
                    • Mike SchinkelFri, 23 Aug 2024 12:45:38 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                      • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 13:07:14 +0000
                        • Mike SchinkelFri, 23 Aug 2024 13:28:33 +0000
        • Nick LockheartFri, 23 Aug 2024 00:42:38 +0000
          • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 08:16:26 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
            • Nick LockheartFri, 23 Aug 2024 09:27:20 +0000Re: [Concept] Flip relative function lookup order (global, then local)
              • Rob LandersFri, 23 Aug 2024 12:16:57 +0000
                • Rob LandersFri, 23 Aug 2024 12:23:11 +0000
            • Stephen ReayFri, 23 Aug 2024 09:58:02 +0000Re: [Concept] Flip relative function lookup order (global, then local)
              • Paul DragoonisFri, 23 Aug 2024 10:19:30 +0000
              • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 10:29:32 +0000
                • Stephen ReayFri, 23 Aug 2024 12:43:58 +0000
                  • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 13:20:55 +0000
                    • Stephen ReayFri, 23 Aug 2024 14:04:32 +0000
                      • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 15:49:37 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
                        • John CoggeshallFri, 23 Aug 2024 16:13:52 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                          • Stephen ReayFri, 23 Aug 2024 16:35:02 +0000
                            • John CoggeshallFri, 23 Aug 2024 17:10:48 +0000
                              • John CoggeshallFri, 23 Aug 2024 17:13:00 +0000
                        • Stephen ReayFri, 23 Aug 2024 16:27:35 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                          • John CoggeshallFri, 23 Aug 2024 16:56:32 +0000
                            • Stephen ReayFri, 23 Aug 2024 17:46:48 +0000
                              • John CoggeshallFri, 23 Aug 2024 18:37:39 +0000
                                • Stephen ReayFri, 23 Aug 2024 19:28:01 +0000
                        • Ilija ToviloFri, 23 Aug 2024 17:32:41 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                          • Stephen ReayFri, 23 Aug 2024 18:10:44 +0000
                            • Ilija ToviloFri, 23 Aug 2024 18:17:03 +0000
                              • Stephen ReaySat, 24 Aug 2024 11:54:09 +0000
                                • Ilija ToviloSat, 24 Aug 2024 17:01:48 +0000
                                  • Stephen ReaySat, 24 Aug 2024 18:16:13 +0000
                                    • Rob LandersSat, 24 Aug 2024 20:36:43 +0000
                                    • Rowan Tommins [IMSoP]Sat, 24 Aug 2024 22:58:16 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
                                      • Rob LandersSat, 24 Aug 2024 23:15:17 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                                      • Stephen ReaySun, 25 Aug 2024 05:27:41 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                          • John CoggeshallFri, 23 Aug 2024 18:19:26 +0000
                            • Ilija ToviloFri, 23 Aug 2024 18:21:27 +0000
                              • Mike SchinkelSun, 25 Aug 2024 02:23:20 +0000
                          • Rob LandersFri, 23 Aug 2024 18:19:49 +0000
                          • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 19:41:41 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
                            • John CoggeshallFri, 23 Aug 2024 19:47:01 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                            • Rob LandersFri, 23 Aug 2024 19:50:05 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                              • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 20:03:15 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
                            • Ilija ToviloFri, 23 Aug 2024 21:57:12 +0000Re: [Concept] Flip relative function lookup order (global, then local)
                              • Rob LandersSat, 24 Aug 2024 09:00:13 +0000
                                • Rob LandersSat, 24 Aug 2024 09:09:27 +0000
                                  • Stephen ReaySat, 24 Aug 2024 11:59:45 +0000
                                    • Rob LandersSat, 24 Aug 2024 12:32:28 +0000
                                    • Ilija ToviloSat, 24 Aug 2024 16:34:41 +0000
                                      • Stephen ReaySat, 24 Aug 2024 17:11:35 +0000
                                      • Rob LandersSat, 24 Aug 2024 20:26:26 +0000
              • Rowan Tommins [IMSoP]Fri, 23 Aug 2024 11:28:13 +0000
  • Rob LandersFri, 02 Aug 2024 17:14:56 +0000
  • Nick LockheartFri, 02 Aug 2024 17:19:41 +0000
    • Rowan Tommins [IMSoP]Fri, 02 Aug 2024 17:53:50 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
      • Nick LockheartFri, 02 Aug 2024 18:46:03 +0000Re: [Concept] Flip relative function lookup order (global, then local)
        • Rowan Tommins [IMSoP]Fri, 02 Aug 2024 20:30:42 +0000Re: [Concept] Flip relative fu nction lookup order (global, then local)
  • Thomas NunningerFri, 02 Aug 2024 17:49:54 +0000
  • Claude PacheFri, 02 Aug 2024 19:01:47 +0000
    • Ilija ToviloSun, 04 Aug 2024 17:53:11 +0000
      • Nick LockheartSun, 04 Aug 2024 18:07:27 +0000
  • BilgeFri, 02 Aug 2024 20:37:23 +0000
    • Nick LockheartFri, 02 Aug 2024 22:00:33 +0000
      • Christoph M. BeckerFri, 02 Aug 2024 22:48:27 +0000Re: [Concept] Flip relative function lookup order(global, then local)
      • DeleuFri, 02 Aug 2024 22:48:38 +0000
        • Nick LockheartSun, 04 Aug 2024 06:19:18 +0000Request for RFC Karma
          • Christoph M. BeckerSun, 04 Aug 2024 09:52:30 +0000
      • Rowan Tommins [IMSoP]Thu, 22 Aug 2024 21:40:45 +0000
    • John CoggeshallWed, 21 Aug 2024 08:23:13 +0000
      • Rob LandersWed, 21 Aug 2024 12:03:57 +0000
        • John CoggeshallWed, 21 Aug 2024 18:02:11 +0000
          • Ilija ToviloWed, 21 Aug 2024 18:10:50 +0000
            • John CoggeshallWed, 21 Aug 2024 18:32:55 +0000
              • John CoggeshallWed, 21 Aug 2024 18:35:29 +0000
              • Rob LandersThu, 22 Aug 2024 08:09:52 +0000
                • John CoggeshallThu, 22 Aug 2024 17:56:30 +0000
  • Derick RethansMon, 05 Aug 2024 11:23:50 +0000
    • Ilija ToviloMon, 05 Aug 2024 13:15:46 +0000