On Sat, 16 Aug 2003, Steve Langasek wrote:
> The attached patch changes dl() so that, instead of outright refusing to
> run under safe mode, it performs additional security checks on the value
> of extension_dir and accepts a filename-only argument (no directories)
> from the caller. In addition, if the provided argument doesn't return a
> handle, dl will append the value of PHP_SHLIB_SUFFIX to the filename and
> try again.
>
> Rationale: Most Linux distributions that include PHP ship the majority
> of extensions as shared objects, to make it easier for the user to get
> just those features they need. In addition, there are many extensions
> not provided by Linux distributors that a user may wish to add locally.
> Unfortunately, current PHP programmer culture leads to all extensions
> being loaded via php.ini, which -- contrary to some claims made in the
> past on this list -- often causes instability when used with apache 1.3.
Loading them through dl() gives much more instability. I don't see where
you got this claim from, I never saw a bugreport about this.
> Simply put, the current state of libraries on Linux isn't good enough to
> cope with all possible libraries being loaded into a single apache
> process at once; and SSL-using extensions seem to have problems of their
> very own when it comes to Apache's load-unload-load-rinse-spindry
> handling of DSOs at start time. Supporting a reasonable dl() function
> under safe mode is the first step toward being able to wean users off of
> this fragile configuration.
I don't agree, dl() is kinda deprecated anyway. It's buggy as hell and
it causes quite a lot of problems with intra-extension dependencies. If
you want something solid, you compile in all extensions. This has
nothing to do with safe-mode really.
regards,
Derick
--
"Interpreting what the GPL actually means is a job best left to those
that read the future by examining animal entrails."
-------------------------------------------------------------------------
Derick Rethans http://derickrethans.nl/
International PHP Magazine http://php-mag.net/
-------------------------------------------------------------------------
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
