Re: Bundling "modern" extensions

From:	Reindl Harald	Date:	Tue, 07 Jun 2011 13:04:02 +0000
Subject:	Re: Bundling "modern" extensions
References:	1 2 3 4 5 6 7 8 9 10 11	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Am 07.06.2011 14:44, schrieb David Muir:
> On 07/06/11 18:40, Reindl Harald wrote:
>> there is a reason for example to disallow many functions
>> on a webserver - so every API has to make sure they
>> can not be bypassed
>>
>> "because we can" is no valid reason for everything because
>> we can install binary extension as they exist now and
>> if you can not you are missing the permissions for some
>> good reasons
>>
> 
> So you're saying that PECL, PNI or FFI should should be actively
> discouraged because of security concerns?

WHERE i said this?
PECL-Extensions can NOT be enabled by the user

> What exactly are the security issues?
> I'm really trying to figure out where you're coming from

look in the php-changelogs how often "open_base_dir" was bypassed
in the past and think about a low-level API for writing extensions
installed by a user - after that think about how many idiots out
there driving servers into a security-hell only with PHP and what
the impact will be give them a low-level API



Attachment: [application/pgp-signature] OpenPGP digital signature signature.asc

   

Thread (74 messages)

• Andi GutmansSat, 04 Jun 2011 23:00:28 +0000
  • Stas MalyshevSat, 04 Jun 2011 23:57:28 +0000
    • Scott MacVicarSun, 05 Jun 2011 00:03:02 +0000
      • RasmusSun, 05 Jun 2011 01:00:01 +0000
        • Philip OlsonSun, 05 Jun 2011 01:09:50 +0000
        • [email protected]Sun, 05 Jun 2011 01:13:56 +0000
  • Philip OlsonSun, 05 Jun 2011 00:55:24 +0000
    • Marcel EsserSun, 05 Jun 2011 00:56:49 +0000
  • Paul ReinheimerSun, 05 Jun 2011 01:58:26 +0000
  • Hannes MagnussonSun, 05 Jun 2011 07:33:00 +0000
    • dukeofgamingSun, 05 Jun 2011 07:57:01 +0000
  • Pierre JoyeSun, 05 Jun 2011 10:57:55 +0000
    • Hannes MagnussonSun, 05 Jun 2011 11:09:13 +0000
      • Pierre JoyeSun, 05 Jun 2011 11:17:05 +0000
        • Matthew Weier O'PhinneyMon, 06 Jun 2011 16:53:24 +0000
          • Johannes SchlüterMon, 06 Jun 2011 22:55:33 +0000
      • Ferenc KovacsSun, 05 Jun 2011 12:54:20 +0000
        • Larry GarfieldMon, 06 Jun 2011 15:18:23 +0000
          • Ferenc KovacsMon, 06 Jun 2011 15:38:00 +0000
          • Johannes SchlüterMon, 06 Jun 2011 15:56:30 +0000
            • Larry GarfieldTue, 07 Jun 2011 22:15:47 +0000
          • Pierre JoyeMon, 06 Jun 2011 16:25:43 +0000
    • Reindl HaraldSun, 05 Jun 2011 11:37:36 +0000
      • Pierre JoyeSun, 05 Jun 2011 11:40:02 +0000
        • Reindl HaraldSun, 05 Jun 2011 11:50:28 +0000
          • RasmusSun, 05 Jun 2011 11:58:27 +0000
            • Reindl HaraldSun, 05 Jun 2011 12:06:39 +0000
              • RasmusSun, 05 Jun 2011 14:20:36 +0000
          • Pierre JoyeSun, 05 Jun 2011 12:00:13 +0000
          • Ferenc KovacsSun, 05 Jun 2011 13:03:58 +0000
      • Pierre JoyeSun, 05 Jun 2011 11:41:00 +0000
      • Olivier HillSun, 05 Jun 2011 18:39:45 +0000
        • Reindl HaraldSun, 05 Jun 2011 18:47:41 +0000
        • Scott MacVicarSun, 05 Jun 2011 22:21:52 +0000
          • Reindl HaraldSun, 05 Jun 2011 22:28:52 +0000
      • Michael WallnerThu, 09 Jun 2011 18:11:41 +0000
        • Reindl HaraldFri, 10 Jun 2011 09:20:29 +0000
          • Lars StrojnyFri, 10 Jun 2011 10:50:49 +0000
            • KeloranFri, 10 Jun 2011 11:03:45 +0000
              • Johannes SchlüterFri, 10 Jun 2011 11:39:34 +0000
                • Ole Markus WithFri, 10 Jun 2011 13:08:27 +0000
            • Rune KaagaardFri, 10 Jun 2011 12:17:11 +0000
        • Pierre JoyeFri, 10 Jun 2011 09:25:45 +0000
        • Pierre JoyeFri, 10 Jun 2011 09:29:44 +0000
          • Michael WallnerFri, 10 Jun 2011 10:12:27 +0000
    • Matthew Weier O'PhinneyMon, 06 Jun 2011 16:53:30 +0000
      • Pierre JoyeMon, 06 Jun 2011 17:01:40 +0000
        • Martin ScottaMon, 06 Jun 2011 21:40:54 +0000
          • Ferenc KovacsMon, 06 Jun 2011 22:55:17 +0000
          • Lester CaineMon, 06 Jun 2011 22:56:15 +0000
          • Johannes SchlüterMon, 06 Jun 2011 23:00:43 +0000
            • Pierre JoyeTue, 07 Jun 2011 23:52:29 +0000
          • Reindl HaraldMon, 06 Jun 2011 23:15:39 +0000
            • Martin ScottaTue, 07 Jun 2011 02:42:15 +0000
              • Lester CaineTue, 07 Jun 2011 05:24:06 +0000
              • Reindl HaraldTue, 07 Jun 2011 06:49:25 +0000
                • David MuirTue, 07 Jun 2011 09:32:57 +0000
                  • Reindl HaraldTue, 07 Jun 2011 09:40:38 +0000
                    • David MuirTue, 07 Jun 2011 12:44:55 +0000
                      • Reindl HaraldTue, 07 Jun 2011 13:04:02 +0000
                        • Ferenc KovacsTue, 07 Jun 2011 13:08:10 +0000
                          • Reindl HaraldTue, 07 Jun 2011 13:10:10 +0000
                            • Ferenc KovacsTue, 07 Jun 2011 13:36:09 +0000
                              • Martin ScottaTue, 07 Jun 2011 14:59:31 +0000
                                • Ferenc KovacsTue, 07 Jun 2011 15:05:34 +0000
                                • Reindl HaraldTue, 07 Jun 2011 15:11:09 +0000
                  • Martin ScottaTue, 07 Jun 2011 15:06:12 +0000
    • Sean CoatesTue, 07 Jun 2011 17:16:51 +0000
      • John CrenshawWed, 08 Jun 2011 12:41:08 +0000RE: [PHP-DEV] Bundling "modern" extensions
  • Pierre JoyeSun, 05 Jun 2011 11:56:06 +0000
  • Johannes SchlüterSun, 05 Jun 2011 14:02:06 +0000
  • Lester CaineSun, 05 Jun 2011 17:47:43 +0000
  • Philip OlsonSun, 05 Jun 2011 21:17:23 +0000
  • Derick RethansMon, 06 Jun 2011 17:14:18 +0000