rfc:taint

Revisions compared: 2010/01/08 21:11 and 2017/09/22 13:28 (current). The text below follows the current revision.
  * **Mailing list: ** [[http://marc.info/?l=php-internals|PHP internals]]
  * **Miscellaneous: ** [[ftp://ftp.porcupine.org/pub/php/CHANGELOG|Change log]] [[ftp://ftp.porcupine.org/pub/php/LICENSE|License]] [[ftp://ftp.porcupine.org/pub/php/wietse-public-key.pgp|pgp public key]]
  * **Status:** Draft (Inactive)
  * **Update:** A PECL extension implementing taint tracking is available: http://pecl.php.net/package/taint
  
===== Introduction =====
  
At this point I can either leave taint support turned on as a safety net in case someone introduces new mistakes into the PHP script, or I can disable taint support altogether. The run-time performance will not differ measurably, as long as the application does not trigger any alarms.

===== Introducing multiple flavors of taint =====
  
To encourage programmers to use the RIGHT conversion function, I have implemented multiple flavors of taint. Each time data enters a PHP application from the web, from database or from elsewhere, it may be "tainted" with zero or more taint flavors, so that the PHP engine can warn the programmer and suggest an appropriate conversion function.
  
In the case of the buggy example program, data is marked as "dangerous for use in HTML" (and other contexts :-)) when it is received from the web. The "echo()" primitive detects the presence of this taint flavor in one of its arguments, issues a warning, and suggests using "htmlspecialchars()" or "htmlentities()".
  
The table below summarizes a number of taint flavors: it shows where a specific flavor may be added to data, where its presence may raise warnings, and how you get rid of the taint flavor. Please ignore the ugly TC_XXX names for now. That's low-level stuff that still needs to be hidden behind a user interface.
  
The TC_SELF flavor is different from the other flavors. Instead of code injection, its purpose is to detect opportunities to hijack control over the PHP application itself. Currently, there is no conversion function that makes all data safe as input for "eval()", "include()" etc. Instead, the application itself is supposed to verify that data is "good" and mark it as such. Until a better user interface exists, this means calling the low-level "untaint()" function directly.
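Added example, not the RFC's engine code and not the PECL extension: a userland PHP model of the flavor mechanism described in the paragraphs above, covering both the multi-flavor tainting of web input (with echo() reacting only to the HTML flavor) and the TC_SELF case, where no conversion function exists and the application must validate and untaint explicitly. The prototype described on this page tracks taint on strings inside the engine; this model instead wraps a string in a small value object carrying a bitmask. TC_SELF is the flavor the page names; TC_HTML, TC_SQL and TC_SHELL, and the helpers from_web(), html_safe(), shell_safe(), untaint_self() and the sink_*() functions, are assumed names for illustration and are not entries of the RFC's TC_XXX table or its untaint() primitive. Assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Taint flavors as bits of a mask. TC_SELF is the flavor the RFC names;
// TC_HTML, TC_SQL and TC_SHELL are assumed names for the other flavors.
const TC_HTML  = 1 << 0;  // unsafe to emit into an HTML document
const TC_SQL   = 1 << 1;  // unsafe to splice into an SQL statement
const TC_SHELL = 1 << 2;  // unsafe to pass to a shell
const TC_SELF  = 1 << 3;  // unsafe to hand to eval()/include(): hijacks the application itself

// A string plus the set of flavors it still carries.
final class Tainted
{
    public function __construct(public string $value, public int $taint) {}

    public function has(int $flavor): bool
    {
        return ($this->taint & $flavor) !== 0;
    }

    // A converted copy: possibly rewritten string, with exactly one flavor cleared.
    public function cleared(int $flavor, string $newValue): self
    {
        return new self($newValue, $this->taint & ~$flavor);
    }
}

// Data entering from the web starts out carrying every flavor.
function from_web(string $raw): Tainted
{
    return new Tainted($raw, TC_HTML | TC_SQL | TC_SHELL | TC_SELF);
}

// Each conversion function clears only the flavor it actually makes safe.
function html_safe(Tainted $t): Tainted
{
    return $t->cleared(TC_HTML, htmlspecialchars($t->value, ENT_QUOTES, 'UTF-8'));
}

function shell_safe(Tainted $t): Tainted
{
    return $t->cleared(TC_SHELL, escapeshellarg($t->value));
}

// There is no conversion for TC_SELF: the application checks the value against
// its own rule and only then clears the flavor explicitly.
function untaint_self(Tainted $t, string $allowedPattern): Tainted
{
    if (preg_match($allowedPattern, $t->value) !== 1) {
        throw new InvalidArgumentException("refusing to untaint TC_SELF: {$t->value}");
    }
    return $t->cleared(TC_SELF, $t->value);
}

// Sinks look for the one flavor that matters to them, warn, and refuse.
function sink_echo(Tainted $t): bool
{
    if ($t->has(TC_HTML)) {
        trigger_error('tainted data passed to echo(); use htmlspecialchars() or htmlentities()', E_USER_WARNING);
        return false;
    }
    echo $t->value, "\n";
    return true;
}

function sink_include(Tainted $t): bool
{
    if ($t->has(TC_SELF)) {
        trigger_error('tainted data passed to include(); validate it and untaint explicitly', E_USER_WARNING);
        return false;
    }
    echo "include({$t->value}) would run here\n";  // stand-in for a real include()
    return true;
}

// Constructed input standing in for $_GET['name'] and $_GET['page'].
$name = from_web('<script>alert(1)</script>');
sink_echo($name);                // refused: TC_HTML still set
sink_echo(html_safe($name));     // accepted: TC_HTML cleared, value escaped

// Escaping for HTML clears TC_HTML only; the value remains unsafe for include().
sink_include(html_safe($name));  // refused: TC_SELF still set

$page = from_web('about');
sink_include(untaint_self($page, '/\A[a-z]+\z/'));  // accepted after validation
```

The point the bitmask makes visible is that a conversion function is not a generic "sanitize" step: html_safe() leaves TC_SQL, TC_SHELL and TC_SELF in place, so the same value handed to a different sink still raises a warning, which is exactly what the flavor design is meant to catch.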

===== What has been implemented so far =====
  
rfc/taint.1262985105.txt.gz · Last modified: 2017/09/22 13:28 (external edit)