Hello,
On 12/19/06, Wietse Venema <[EMAIL PROTECTED]> wrote:
Zeev Suraski:
Following up on an earlier suggestion in this thread, I could see
at least three modes of operation:
1) Disabled. The default setting.
2) Audit mode. Report perceived problems to logfile. This can be
used by developers to catch bugs, and by deployers for quality
assessment (but developers please don't start screaming yet).
3) Enforcement mode. Don't allow execution past a perceived problem.
I do not think a taint mode is a good thing however to reject this
need would be a mistake. But there is a huge difference between a
taint mode for the developers or the audit team and something that
_will_ be enabled in many ISP, an enforcement mode. I'm "strongly"
opposed to add this mode.
I fought years against safe_mode, I'm not goint to start again with a
taint mode. One can say that an enforced taint mode will be better
than safe_mode but he is lying to himself. It will be a horrible
moving target. ISP will active it while keeping all other sources of
troubles, leaving the mess to the developers.
that's what happened with safe_mode mixed with all possible craps and
that will happen with the mode #3 as well without solving anything
from a security point of view (users will have more logs to read, at
least ;-).
As a short answer, I completely agree with Zeev. Many users ask and/or
need a taint mode (or whatever is its name). I do not think it is a
good thing but PHP should have it, only for development/audit purposes
and disabled by default.
(that said, I will be really happier without taint mode).
I still wonder which miracles you can achieve to provide such mode
without shooting your own feet :-)
--Pierre
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
