Wietse Venema wrote:
Ilia Alshanetsky:
And here is your first exploit, let's say we say
mysql_real_escape_string() takes tainted data and makes it untainted,
what happens when this "safe" data is passed to exec().
You need a malicous code writer to have an exploit. As far as I
know, PHP is not a platform for secuerly executing hostile code.
You are going
to need to deal with different levels of taint-untainted and 1 bit is
not going to give you that flexibility. You are going to need an int/
long, maybe even a long long.
Sandboxing malicious code requires a lot more than taint levels.
I'll be happy to provide that, but it's outside of the contribution
that I'm trying to make for 2007. Right now I am merely targeting
the non-malicious programmers.
In that case do we really need something clogging up the code base?
Improving the performance of tools like PHPEclipse would seem to me to
be a better use of resources than adding the same sort of checks into
the runtime engine?
--
Lester Caine - G8HFL
-----------------------------
L.S.Caine Electronic Services - http://home.lsces.co.uk
Model Engineers Digital Workshop -
http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
