On Fri, 29 Sep 2006 06:55:46 +0100, Johnny
<re************ *****@hotmail.c omwrote:
I guess you could always redefine system, fopen and a few other
functions so
that they allow url opeing where appropriate but not local files.
and then make it so that the code interface is via php so you control
what
gets uploaded and run.
I think this is what runkit does through its extension; it creates another
PHP context and hooks certain PHP functions to control access and usage.
Using file system restrictions probably wont work because the host script
does need database/filesystem/network access, it's just the restricted PHP
that shouldnt be allow todo anything but access a provided API and perform
basic PHP language operations. There is afaik no way you can provide a
restricted "eval" like you can in other languages, like Lua. Lua really is
ideal for this sort of restriction but it's an extremely basic quirky
language which is no good atall for web development.
I think runkit might be my soloution but i can only get it to compile
statically linked which means i'm probably going to have to do a complete
build of PHP on windows, not tham i'm affraid of getting my hands dirty
it's just more work i dont need.
I guess im still weighing up whether ASP.NET + Spidermonkey will be a
better soloution than doing a complete rebuild of PHP + fixed runkit.
Fixing runkit looks like im really going to have todo my homework on the
PHP Zend engine and go on a serious bug hunt. I found some pretty basic
bugs in runkit that i wasn't expecting to find. Things like not allocating
space and corrupting the stack.... made me lose a little faith in runkits
security.
I really need some PHP internals guru to chime in.
