Ilia Alshanetsky:
> And here is your first exploit, let's say we say
> mysql_real_escape_string() takes tainted data and makes it untainted,
> what happens when this "safe" data is passed to exec().
You need a malicous code writer to have an exploit. As far as I
know, PHP is not a platform for secuerly executing hostile code.
> You are going
> to need to deal with different levels of taint-untainted and 1 bit is
> not going to give you that flexibility. You are going to need an int/
> long, maybe even a long long.
Sandboxing malicious code requires a lot more than taint levels.
I'll be happy to provide that, but it's outside of the contribution
that I'm trying to make for 2007. Right now I am merely targeting
the non-malicious programmers.
Wuietse
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
