On Wed, Aug 7, 2024, 7:13 PM Nick Lockheart <li...@ageofdream.com> wrote:
> > > > So I was thinking about this a bit more and I thought, what if instead > of adding a sandbox as a feature of PHP, what if PHP *was* the sandbox. > > So consider this: > > What if the PHP engine added a C API that lets C/C++ programs not only > spin up and run PHP, but those C/C++ programs could also control and > monitor the execution of the PHP environment from the outside. > Something similar is done in things like frankenphp (go/caddi/own sapi) or nativephp (desktop app, afair rust/tauri). Not the same goal, same starting point. But I would stay away to replace, or improve, OS security with my own things. Totally possible but it is the kind of worms can I don't look forward to open :) >
