On Sun, 26 Aug 2012, Stas Malyshev wrote:
> > While this has no immediate impact for average PHP users, it
> > basically kills the possibility for an extension like Suhosin to
> > catch all function starts. This should also be a problem for your
> > DTRACE support. And IIRC Xdebug was hooking t
Hi!
> While this has no immediate impact for average PHP users, it
> basically kills the possibility for an extension like Suhosin to
> catch all function starts. This should also be a problem for your
> DTRACE support. And IIRC Xdebug was hooking this point (at least in
> the past), too.
>
> My
Hi!
> Nowadays (since PHP 5.0) the code was moved from
> call_user_function_ex to zend_call_function and just looks like
> this:
>
> ((zend_internal_function *)
> EX(function_state).function)->handler(fci->param_count,
> *fci->retval_ptr_ptr, fci->retval_ptr_ptr, fci->object_ptr, 1
> TSRMLS_CC);
Hi!
> it recently came to my attention that the function whitelist and
> blacklist feature inside Suhosin is easily bypassable since PHP 5.0.
Did you have a bug report for this? If not, could you please submit one
so we could track it properly? If yes, please send me its number.
Thanks,
--
Stan
Hi!
> Nowadays (since PHP 5.0) the code was moved from
> call_user_function_ex to zend_call_function and just looks like
> this:
>
> ((zend_internal_function *)
> EX(function_state).function)->handler(fci->param_count,
> *fci->retval_ptr_ptr, fci->retval_ptr_ptr, fci->object_ptr, 1
> TSRMLS_CC);
发自我的 iPad
在 2012-5-21,21:05,Stefan Esser 写道:
> Hi,
>
>>> While this has no immediate impact for average PHP users, it basically
>>> kills the possibility for an extension like Suhosin to catch all function
>>> starts.
>> Actually, there is one, use user opcode handler hook the fcall series
>>
Hi,
>> While this has no immediate impact for average PHP users, it basically kills
>> the possibility for an extension like Suhosin to catch all function starts.
> Actually, there is one, use user opcode handler hook the fcall series
> opcodes, that is how I did in taint extension.
From what I
Sent from my iPhone
在 2012-5-21,18:42,Stefan Esser 写道:
> Hi,
>
> it recently came to my attention that the function whitelist and blacklist
> feature inside Suhosin is easily bypassable since PHP 5.0.
>
> The reason for this is that PHP is no longer calling the
> zend_execute_internal() hook i
On Mon, 21 May 2012, Stefan Esser wrote:
> While this has no immediate impact for average PHP users, it basically
> kills the possibility for an extension like Suhosin to catch all
> function starts. This should also be a problem for your DTRACE
> support. And IIRC Xdebug was hooking this point
Hi,
it recently came to my attention that the function whitelist and blacklist
feature inside Suhosin is easily bypassable since PHP 5.0.
The reason for this is that PHP is no longer calling the
zend_execute_internal() hook if a function is called from another function (via
zend_call_function)
10 matches
Mail list logo
