Topic: open_basedir realpath_cache realpath_turbo

i wonder when this buggy "feature" will be fixed
https://bugs.php.net/bug.php?id=52312

is there any chance you can build an rpm php module realpath_turbo for latest php 7.4.x?
so we can probably give it a try, and actually at least able to run open_basedir with realpath_cache


https://github.com/Whissi/realpath_turbo

developer is confirmed it works with 7.4

thank you for your help

Re: open_basedir realpath_cache realpath_turbo

Your request makes me perplexed

What are you trying to do/fix with open_basedir configuration ?

This have never be a real security feature

ANd linked extension seems to be worst

> Therefore realpath_turbo is not recommended for any shared hosting environment.
> Instead of relying on open_basedir, you should create VMs or use containers (LXC)
> to safely separate your users without any performance degradation.

Why not simply using different FPM pools, running under different users ?
And if you are paranoiac you can even use chroot option wink

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: open_basedir realpath_cache realpath_turbo

as i understand these functions were built in purpose,
but as you can see from bug report they broken that someone disabled it
instead of to simply let user decide how to configure it, which is obviosly correct way.

car has a seatbelt, this is not a 100% security, and its up to you to use it or not smile

i was looking for open_basedir as an addition to chroot and ACL permissions, as it is.
also im wrapping it up to read-only mount.
so i need cache for this reason too smile

im just building microservices where the root configuration better to have some extra "hiccups" for malware.

why not.

this all looks promising wink

Re: open_basedir realpath_cache realpath_turbo

See https://blog.remirepo.net/pages/PECL-ex … atus#c9196

php-realpath-turbo is now available in the repository.

Notice: https://github.com/Whissi/realpath_turbo/issues/18

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: open_basedir realpath_cache realpath_turbo

going to test it,
thank you