PHP Programming - Embedding secure scripting language in PHP (req PHP internals expert)

Author

Embedding secure scripting language in PHP (req PHP internals expert)

Nemon

2006-09-28, 6:57 pm

I need to expose some scripting functionality to novice users in a project
of mine. What i wonderd was if anyone knew a way of executing secure PHP
from within a PHP script or an alternative embedded scripting method? Some
interaction between the PHP script host and the secure embedded script are
needed.

I'm currently i'm playing with ASP.NET(C#) and embeded
jscript(spidermonkey) via managed C++ library but it's quite alot of work,
complex.

I already know about runkit but last time i checked it was pretty broken
and lacked execution time limits; I also emailed the author but got no
reply. Perhaps just fixing runkit myself would be a simpler option? Is
this a viable option, can runkit be fixed up to properly secure a PHP
context? Spawning a seperate process for every request is pretty much out
of the question as it's too expensive for what i have in mind, this is for
a windows host so.

I need to allow looping, branching and basic PHP features but no access to
OS resources and absolutely no file system access. I'd also need a way to
impose memory and CPU time restrictions.

Thanks for any help.
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

Johnny

2006-09-29, 3:57 am

"Nemon" <nemon@home.fake.com> wrote in message
news:op.tgle7lu5no4rwm@nautilus...
<snip />

> I need to allow looping, branching and basic PHP features but no access to
> OS resources and absolutely no file system access. I'd also need a way to
> impose memory and CPU time restrictions.
>

hehe sounds a lot like a plain vanilla shared hosting account :-)

one host I deal with will let you do limited system things like
system("ls -l",$ret);
but won't let you do chmod,create or write to a file (unless directory
permissions are set to 757) since php comes in as an other user.

I guess you could always redefine system, fopen and a few other functions so
that they allow url opeing where appropriate but not local files.
and then make it so that the code interface is via php so you control what
gets uploaded and run.

and you can set both timeout and max memory usage in php.ini

Nemon

2006-09-29, 6:58 pm

On Fri, 29 Sep 2006 06:55:46 +0100, Johnny
<removethis.huuanito@hotmail.com> wrote:

> I guess you could always redefine system, fopen and a few other
> functions so
> that they allow url opeing where appropriate but not local files.
> and then make it so that the code interface is via php so you control
> what
> gets uploaded and run.

I think this is what runkit does through its extension; it creates another
PHP context and hooks certain PHP functions to control access and usage.
Using file system restrictions probably wont work because the host script
does need database/filesystem/network access, it's just the restricted PHP
that shouldnt be allow todo anything but access a provided API and perform
basic PHP language operations. There is afaik no way you can provide a
restricted "eval" like you can in other languages, like Lua. Lua really is
ideal for this sort of restriction but it's an extremely basic quirky
language which is no good atall for web development.

I think runkit might be my soloution but i can only get it to compile
statically linked which means i'm probably going to have to do a complete
build of PHP on windows, not tham i'm affraid of getting my hands dirty
it's just more work i dont need.

I guess im still weighing up whether ASP.NET + Spidermonkey will be a
better soloution than doing a complete rebuild of PHP + fixed runkit.
Fixing runkit looks like im really going to have todo my homework on the
PHP Zend engine and go on a serious bug hunt. I found some pretty basic
bugs in runkit that i wasn't expecting to find. Things like not allocating
space and corrupting the stack.... made me lose a little faith in runkits
security.

I really need some PHP internals guru to chime in.

Sponsored Links