On Sun, 26 Aug 2012, Stas Malyshev wrote:
> > While this has no immediate impact for average PHP users, it
> > basically kills the possibility for an extension like Suhosin to
> > catch all function starts. This should also be a problem for your
> > DTRACE support. And IIRC Xdebug was hooking t
Hi!
> While this has no immediate impact for average PHP users, it
> basically kills the possibility for an extension like Suhosin to
> catch all function starts. This should also be a problem for your
> DTRACE support. And IIRC Xdebug was hooking this point (at least in
> the past), too.
>
> My
Hi!
> Nowadays (since PHP 5.0) the code was moved from
> call_user_function_ex to zend_call_function and just looks like
> this:
>
> ((zend_internal_function *)
> EX(function_state).function)->handler(fci->param_count,
> *fci->retval_ptr_ptr, fci->retval_ptr_ptr, fci->object_ptr, 1
> TSRMLS_CC);
Hi!
> it recently came to my attention that the function whitelist and
> blacklist feature inside Suhosin is easily bypassable since PHP 5.0.
Did you have a bug report for this? If not, could you please submit one
so we could track it properly? If yes, please send me its number.
Thanks,
--
Stan
Hi!
> Nowadays (since PHP 5.0) the code was moved from
> call_user_function_ex to zend_call_function and just looks like
> this:
>
> ((zend_internal_function *)
> EX(function_state).function)->handler(fci->param_count,
> *fci->retval_ptr_ptr, fci->retval_ptr_ptr, fci->object_ptr, 1
> TSRMLS_CC);
Sent from my iPad
On 2012-5-21, at 21:05, Stefan Esser wrote:
> Hi,
>
>>> While this has no immediate impact for average PHP users, it basically
>>> kills the possibility for an extension like Suhosin to catch all function
>>> starts.
>> Actually, there is one, use user opcode handler hook the fcall series
>>
Hi,
>> While this has no immediate impact for average PHP users, it basically kills
>> the possibility for an extension like Suhosin to catch all function starts.
> Actually, there is one, use user opcode handler hook the fcall series
> opcodes, that is how I did in taint extension.
From what I
Sent from my iPhone
On 2012-5-21, at 18:42, Stefan Esser wrote:
> Hi,
>
> it recently came to my attention that the function whitelist and blacklist
> feature inside Suhosin is easily bypassable since PHP 5.0.
>
> The reason for this is that PHP is no longer calling the
> zend_execute_internal() hook i
On Mon, 21 May 2012, Stefan Esser wrote:
> While this has no immediate impact for average PHP users, it basically
> kills the possibility for an extension like Suhosin to catch all
> function starts. This should also be a problem for your DTRACE
> support. And IIRC Xdebug was hooking this point