On Fri, Dec 15, 2006 at 05:31:57PM -0500, Wietse Venema wrote: > Ilia Alshanetsky: > > > > On 15-Dec-06, at 4:16 PM, Stanislav Malyshev wrote: > > > > >> Sounds awefuly like yet another safe_mode, something that > > >> proclaims security, yet being unable to provide it. > > > > > > Repeating my comments on that, I think that it can be done not like > > > safe_mode, if we take different approach. Namely, not "mark unsafe, > > > accept otherwise" but "mark safe, deny otherwise". > > > > Ok this is better, but it will break every single application out > > there. I for one think that this is unacceptable. > > Remember, taint checks are turned off off by default. Nothing > breaks. > > As for precision, we can have a fail-close system with the default > "no function/primitive accepts tainted data" policy. > > Over time we can "open up" functions/primitives, once the framework > is in place. After that, taint support can be extended inrementally. > > Even if some taint check is to restrictive at some point in time, > the programmer can always overcome it with an explicit action.
Yes. I think that a taint check would be a great help with php. I have seen many php scripts from many people, I am always shocked at the way in which values from forms are frequently trusted without checks. Php is easy to write, that is good. Unfortunately this also means that bad/simple/careless programmers can use php ... these are the ones who cause many of the php script errors that cause problems. -- Alain Williams Parliament Hill Computers Ltd. Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ #include <std_disclaimer.h> -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
