Re: [PHP-DEV] removing functions?
From: Zeev Suraski (zeev <email protected>)
Date: 05/28/00

I think it may be worth it to allow administrators to replace the
implementation of a given function with a built-in function that says that
the function that has been called has been disabled for security
reasons. This function will not be configurable - so that it doesn't give
you any rope at all. It'll simply prevent that specific function from
working, report it clearly to the end user, and prevent libraries from
overwriting it.

Would that be ok?

Zeev

At 21:47 28/05/2000, Chuck Adams wrote:

> > >That way, you can do what you need to do in user-space, but the admin still
> > >has control over whether you can or can't do it in the first place.
> >
> > I'm against it.
>
>How about this then: a security manager class that intercepts calls to
>functions. You'd really have to go well out of your way to screw
>yourself with this sort of thing.
>
>class SecurityManager {
>
>    function set_security_manager() {
>        die("another Security Manager may not be set");
>    }
>
>    function dl() {
>        die("dl function disabled");
>    }
>
>    function system() {
>        die("system function disabled");
>    }
>
>    function fopen($path, $mode) {
>        if ($mode != "r") {
>            die("Files can only be opened read-only");
>        } else {
>            // calls from inside the securitymanager aren't intercepted
>            return fopen($path, $mode);
>        }
>    }
>}
>
>set_security_manager(new SecurityManager);
>
>
>chuck "system('rm -rf .')" is plenty of rope" adams

--
Zeev Suraski   <zeev <email protected>>  http://www.zend.com/

-- PHP Development Mailing List <http://www.php.net/>
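
A toy model in C of the mechanism proposed at the top of this message, added here as an illustration and not code from PHP or from either poster: an administrator-side call swaps a function-table entry for one fixed stub and locks the slot so that later registrations cannot overwrite it. The table layout, `register_function`, `disable_function`, `call_function` and the sample handler are all hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FUNCS 16
typedef int (*handler_t)(const char *fname, const char *arg);
struct func_entry { const char *name; handler_t handler; int locked; };
static struct func_entry table[MAX_FUNCS];   /* zero-initialised: nothing locked */
static int nfuncs;

/* The one fixed replacement: report clearly, do nothing else. */
static int disabled_stub(const char *fname, const char *arg) {
    (void)arg;
    fprintf(stderr, "%s() has been disabled for security reasons\n", fname);
    return -1;
}

static struct func_entry *lookup(const char *name) {
    for (int i = 0; i < nfuncs; i++)
        if (strcmp(table[i].name, name) == 0) return &table[i];
    return NULL;
}

/* Engine and library side: may define or redefine, but never a locked slot. */
int register_function(const char *name, handler_t h) {
    struct func_entry *e = lookup(name);
    if (e && e->locked) return -1;
    if (!e) {
        if (nfuncs == MAX_FUNCS) return -1;
        e = &table[nfuncs++];
        e->name = name;                      /* caller keeps the string alive */
    }
    e->handler = h;
    return 0;
}

/* Administrator side: swap in the stub and lock; unknown names are reserved as disabled. */
int disable_function(const char *name) {
    if (!lookup(name) && register_function(name, disabled_stub) != 0) return -1;
    struct func_entry *e = lookup(name);
    e->handler = disabled_stub;
    e->locked = 1;                           /* never cleared: no rope */
    return 0;
}

int call_function(const char *name, const char *arg) {
    struct func_entry *e = lookup(name);
    return e ? e->handler(name, arg) : -2;   /* -2: no such function */
}

/* Constructed stand-in for a real built-in: returns the argument length. */
static int sample_builtin(const char *f, const char *a) { (void)f; return (int)strlen(a); }
```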