Ilia Alshanetsky:
> On 15-Dec-06, at 5:19 PM, Wietse Venema wrote:
> > Ilia Alshanetsky:
> >> That means an additional element to a struct that has thousands of
> >> instances in most scripts, this will be the first overhead caused by
> >> the memory footprint increase.
> >
> > There is no need for that.
> >
> > < zend_uchar is_ref;
> > ---
> > > zend_uchar is_ref:7;
> > > zend_uchar taint_flag:1;
> >
> > Perhaps a working implementation will be convincing. I offer to
> > do the work, other people lose nothing except the possibility that
> > they will be proven right.
>
> By all means :-)
>
> I suppose by making taint_flag 1 bit, you are assuming taint is
> purely black and white and that all untaint functions will secure
> data against all forms of usage.
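
Review bot: In the quoted change, `zend_uchar is_ref:7;` turns is_ref into a seven-bit bit-field, so it can no longer hold values above 127 and its address can no longer be taken. Before merging, check every place that stores a count in is_ref or uses `&is_ref`, and add a comment beside the two fields stating the new range and that `taint_flag:1` shares the same byte.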

If the default fail-close security policy is no function receives
tainted input unless explicitly stated otherwise, then one bit
suffices. That is actually the easiest part.

We also need a default policy for function outputs. Some functions
read external data; that needs to be escaped before it can be used
in echo/print/etc. So the fail-close security policy would be all
result values are tainted unless explicitly stated otherwise.

There's more work than this, but it gives the general idea.

	Wietse

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
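
The fail-close policy described in this message, as an added C sketch that is not code from the thread or from PHP: the policy bits, the `lookup`/`call` helpers and the sample table (including which functions count as escaping) are assumptions made for illustration; only the two bit-fields come from the quoted diff.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned char zend_uchar;

/* The two layouts from the thread, reduced to the fields under discussion. */
struct flags_before { zend_uchar is_ref; };
struct flags_after  { zend_uchar is_ref:7; zend_uchar taint_flag:1; };

/* Hypothetical policy bits; a function with no entry gets 0 (fail-close). */
enum { ACCEPTS_TAINTED = 1, RETURNS_CLEAN = 2 };

/* Constructed sample policy table, not PHP's. */
static const struct { const char *name; unsigned flags; } policy[] = {
    { "htmlspecialchars", ACCEPTS_TAINTED | RETURNS_CLEAN },
    { "strtoupper",       ACCEPTS_TAINTED },  /* allowed, result stays tainted */
    { "echo",             0 },                /* output sink: clean data only */
};

static unsigned lookup(const char *fn) {
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (strcmp(policy[i].name, fn) == 0) return policy[i].flags;
    return 0; /* unlisted: rejects tainted input, result is tainted */
}

/* Returns -1 if the call is refused, otherwise the taint bit of the result. */
int call(const char *fn, struct flags_after arg) {
    unsigned f = lookup(fn);
    if (arg.taint_flag && !(f & ACCEPTS_TAINTED)) return -1;
    return (f & RETURNS_CLEAN) ? 0 : 1;
}

/* 1 if adding the bit did not grow the struct on this compiler. */
int same_size(void) {
    return sizeof(struct flags_after) == sizeof(struct flags_before);
}

int main(void) {
    struct flags_after in = { .is_ref = 0, .taint_flag = 1 };
    printf("same size: %d\n", same_size());
    printf("echo(tainted) allowed: %d\n", call("echo", in) >= 0);
    in.taint_flag = (zend_uchar)call("htmlspecialchars", in);
    printf("echo(escaped) allowed: %d\n", call("echo", in) >= 0);
    return 0;
}
```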