Re: Re: [RFC][DISCUSSION] script() and script_once()

From:	Yasuo Ohgaki	Date:	Thu, 05 Feb 2015 10:52:04 +0000
Subject:	Re: Re: [RFC][DISCUSSION] script() and script_once()
References:	1 2 3 4 5 6 7 8	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Pierre,

On Thu, Feb 5, 2015 at 7:24 PM, Pierre Joye <[email protected]> wrote:

> I do understand what you try to achieve, from all point of view.
> However I strongly disagree with this as a security improvement. I see
> this more as yet another attempt to replace what should be done at the
> OS level.
>

I should have mentioned that OS level protection cannot be perfect neither.
For example, if app allow uploading image files, OS must allow access to
image files.

SInce PHP includes script with embedded mode, attacker can easily embed
attack script in image files....

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (31 messages)

• Yasuo OhgakiThu, 05 Feb 2015 01:53:10 +0000
  • Yasuo OhgakiThu, 05 Feb 2015 02:03:46 +0000Re: [RFC][DISCUSSION] script() and script_once()
    • reezeThu, 05 Feb 2015 04:38:13 +0000Re: Re: [RFC][DISCUSSION] script() and script_once()
      • Yasuo OhgakiThu, 05 Feb 2015 05:06:45 +0000
        • Adam HarveyThu, 05 Feb 2015 05:37:15 +0000
          • LeighThu, 05 Feb 2015 08:31:38 +0000
            • Yasuo OhgakiThu, 05 Feb 2015 10:20:53 +0000
              • Pierre JoyeThu, 05 Feb 2015 10:24:41 +0000
                • Yasuo OhgakiThu, 05 Feb 2015 10:47:05 +0000
                  • Pierre JoyeThu, 05 Feb 2015 11:49:20 +0000
                    • Yasuo OhgakiFri, 06 Feb 2015 01:25:43 +0000
                      • Pierre JoyeFri, 06 Feb 2015 01:39:06 +0000
                        • Yasuo OhgakiFri, 06 Feb 2015 02:07:39 +0000
                          • Pierre JoyeFri, 06 Feb 2015 02:13:13 +0000
                            • Yasuo OhgakiFri, 06 Feb 2015 03:33:29 +0000
                              • Pierre JoyeFri, 06 Feb 2015 03:40:55 +0000
                                • Yasuo OhgakiFri, 06 Feb 2015 04:08:46 +0000
                                  • Pierre JoyeFri, 06 Feb 2015 04:16:29 +0000
                                    • Yasuo OhgakiFri, 06 Feb 2015 04:35:11 +0000
                                      • Yasuo OhgakiFri, 06 Feb 2015 04:50:20 +0000
                                      • Pierre JoyeFri, 06 Feb 2015 04:52:44 +0000
                                        • Yasuo OhgakiFri, 06 Feb 2015 05:01:44 +0000
                                          • Lester CaineFri, 06 Feb 2015 08:30:15 +0000
                                            • Yasuo OhgakiFri, 06 Feb 2015 10:11:33 +0000
                • LeighThu, 05 Feb 2015 10:51:42 +0000
                  • Yasuo OhgakiThu, 05 Feb 2015 10:56:57 +0000
                • Yasuo OhgakiThu, 05 Feb 2015 10:52:04 +0000
        • François LaupretreThu, 05 Feb 2015 09:33:34 +0000RE: [PHP-DEV] Re: [RFC][DISCUSSION] script() and script_once()
  • Pierre JoyeThu, 05 Feb 2015 06:05:40 +0000
    • Martin KeckeisThu, 05 Feb 2015 08:55:48 +0000
  • Michael WallnerThu, 05 Feb 2015 09:47:32 +0000