On Sun, November 5, 2006 11:13 am, Rasmus Lerdorf wrote: > Ilia Alshanetsky wrote: >> What's to say /drive/smb or letter:// is not an SMB device? Also why >> break perfectly valid applications that perform operations on >> networked >> file systems? > > We are only talking about marking them as is_url which doesn't have > anything to do with performing normal operations on networked > filesystems. How many real apps rely on being able to execute code > via > an smb include? The exact same argument could me made for a localhost > http or ftp include which we also disallow. The fact that someone can > map a remote machine to a local drive actually means that they can > make > sure their app works because then they have pre-configured which hosts > are valid hosts for this use. If a bad guy can mount remote > filesystems > onto your server, then you have bigger problems.
Maybe I'm just being stupid (again) but it seems like all of this is kinda pointless... I mean, if you're dumb enough to include() source code from some random computer you don't control/trust, what do you really expect as the outcome? I realize that a lot of idiots did: include $path; with register_globals on as part of their code, and allow_url_include is trying to stem the tide of disasters that caused... But, really, can somebody be both smart enough to get SMB to even work, then manage to mount somebody else's untrusted drive or be dumb enough to let somebody else mount their own SMB drive, and then include() it i their PHP code? How likely is this scenario? And how many Real Uses are going to be impacted by dis-allowing SMB shares? Does anybody *need* this feature? Somebody posted that large ISPs are using SMB shares -- Perhaps asking them if this would kill them, or if they could manage to mount everything as a named drive. They're probably the ones most at-risk and with the best understanding of the Real World issues/risks. It's entirely possible, yea, even likely, that I'm "missing" something fundamental here, but it seems like you're trying to block something that only somebody really smart could intentionally open up to "prove" how insecure PHP is, rather than an actual Security Issue. PS I found it interesting that the CAPTCHA on the blog that started this thread doesn't work... And the comments box doesn't scroll properly when you type too much. [Which I'm sure some here think I type too much anyway... ;-)] PPS Since I will most likely never be responsible for an SMB share as a repository for source code in a production environment, I don't have a personal stake in this one, as interesting as it as an academic exercise in "Security". :-) +0.00001 -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
