William A. Rowe, Jr. wrote: > In httpd server (and most) there is a startup phase, when we generally > trust what the admin has done, and a runtime phase. There are obvious > exploits if untrusted scripts can run arbitrary dlload's after startup. > > enable_dl in php.ini will obviously override this, but to start up and > load dynamic extensions, it's initially required to be on. > > Is there any sense in having php4apache2 (and other SAPI's) permitted > to run the entire startup phase of php prior to turning enable_dl back > off for the runtime phase of the server?
enable_dl only affects the userspace dl() function. That can only be called at the runtime phase, as you call it. So what you are proposing doesn't make much sense. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
