The only solution that would allow userspace streams to function *and* allow security would be to implement safe_mode 2.0: disable all remote
No, that's not the only solution. The other solution would be to stop trying to do what should be done on an entirely different level and do it on the OS level, not try to make PHP what it is not - PHP is not built to securely limit the programmer and all attempts to do that eventually lead to the same problems safe_mode had. Or worse, if they break perfectly good code on the way.
that can possibly access the outside world, and disabling it. Otherwise users will be able to circumvent allow_url_fopen by writing a simple stream wrapper that just downloads the crap and returns it as an $fp.
I say if you don't want your users to contact the outside world, buy a firewall. allow_url_include was intended to serve a very specific purpose, to plug a hole created by often-written stupid code. It's not a comprehensive security solution and was not intended to restrict the programmer.
I know the idea of a taint mode was sort of discarded (I think it was,
Actually, AFAIK it wasn't :)
disappear in the name of the safety of preventing remote code execution vulnerabilities.
There would be no safety and no prevention, just plugging one way out of thousands. IMHO it is pointless.
--
Stanislav Malyshev, Zend Products Engineer
[EMAIL PROTECTED] http://www.zend.com/

PHP Internals - PHP Runtime Development Mailing List