Req #54564 [Com]: extension_dir should be used for loading zend_extensions

Sun, 16 Sep 2012 00:23:41 -0700 

Edit report at https://bugs.php.net/bug.php?id=54564&edit=1

 ID:                 54564
 Comment by:         tyr...@php.net
 Reported by:        tyra3l at gmail dot com
 Summary:            extension_dir should be used for loading
                     zend_extensions
 Status:             Open
 Type:               Feature/Change Request
 Package:            Scripting Engine problem
 PHP Version:        5.3.6
 Block user comment: N
 Private report:     N

 New Comment:

Stas, I'm not sure I'm following your reasoning here.
extension_dir exists, and it is pretty standard in each and every distribution 
to 
rely on this behavior, so bringing this issue against my proposal means that 
you 
either missed my point (extension_dir is honored for zend_extension= like it 
does 
for extension=) or you somehow think that loading a rouge zend extension has 
bigger security implications, which I can't see.

ps: Binary Planting isn't really similar with what we have here, the issue with 
that is that it allows loading dll's from the current directory, while we would 
only allow loading extensions from the paths listed in extension_dir.


Previous Comments:
------------------------------------------------------------------------
[2012-09-16 06:54:57] s...@php.net

I think loading extensions through relative path opens a way to all kinds of 
dangerous behavior and may have problematic security implications - like ones 
described here: http://arstechnica.com/information-technology/2010/08/new-
windows-dll-security-flaw-everything-old-is-new-again/. I'm not sure also why 
it 
is necessary - why can't PHP extension be installed in extension dir and run 
from 
there? If one needs multiple ones, multiple php.ini files can always be used.

------------------------------------------------------------------------
[2011-04-18 23:05:25] tyra3l at gmail dot com

Description:
------------
I've brought this topic on the internals
http://marc.info/?l=php-internals&m=130314285822279&w=2
and I think that it would be useful and more consistent, if this could be 
changed, 
so one could easily load both "normal" and zend extensions without the need to 
use 
absolute paths.


Test script:
---------------
php -n -d zend_extension=xdebug.so -r ''

Actual result:
--------------
Failed loading xdebug.so:  xdebug.so: cannot open shared object file: No such 
file 
or directory


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=54564&edit=1

Reply via email to