Tomas Kuliavas:
> > A preliminary implementation of PHP taint support is available from
> > ftp://ftp.porcupine.org/pub/php/ This code is released under version
> > 2.00 of the Zend license.
> >
> > Below are fragments from the README file. For the full text please see
> > ftp://ftp.porcupine.org/pub/php/php-5.2.3-taint-20071102.README.html
> > This file also has information about using taint in real applications,
> > about run-time performance, and about changes within the PHP core.
> >
> > Most of all, your feedback is welcome, so that I can make this code
> > as easy to use and as performant as possible.
>
> php-5.2.3-taint-20071102
> gcc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
> compiling apache 2.2.4 dso module
>
> configure with --enable-mbstring --disable-mbregex
As documented, the SAPIs that currently work are cli, cgi, and
apache module (--with-apxs); and the extensions that work are
--with-mysql and --with-mysqli.
Other SAPIs, and extensions that depend on SAPIs need to be converted
because some function pointers require an extra argument when taint
is compiled in (I could not hide this under another layer of macros
in an #include file). Most other code should compile out of the box.
> Do you need more information about other configure options or compilation
> environment?
I would need the full ./configure line. There's a ton of SAPIs and
I could not update all of them in time for IBM's annual performance
review deadline, and still release decent quality code/documentation.
Wietse
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
