christiaan / php-sandbox

Php Sandbox in a child process which should make it possible to run user supplied code safely
MIT License

Redefine internals #1

Open IngwiePhoenix opened 9 years ago

IngwiePhoenix commented 9 years ago

Is there a way to utilize this sandbox to re-define internal functions as desired?

Kind regards, Ingwie

christiaan commented 9 years ago

When you run php with disable_functions it is as if those functions don't exist. This is how this project allows you to limit the php environment.

You don't mention what you're trying to achieve. This was more or less a proof of concept, it works but as far as I know does not run in production anywhere. Also, because for each sandbox it runs a separate process, it is also much slower than real sandbox solutions.

If you want to offer a scripting solution for your application to offer to your end users you are most likely better off using either the Lua or JavaScript V8 php extensions.

IngwiePhoenix commented 9 years ago

Well then let me explain. :)

I am coding a "system" consisting of a small amount of Services, or modules. One of them serves an application through an HTTP server - it is the main application. But this webserver is also coded in NodeJS and utilizes hprose to talk to a PHP instance. This PHP instance is actually written with Workerman. I have implemented a Tcp server for Hprose, so that I can distribute the hprose service across processes, just like the actual nodejs process runs as a cluster.

The only purpose of this PHP service is to act as a replacement for PHP-FastCGI since I just could not get a proper fcgi parser working for Nodejs. So a request comes in, is forwarded to PHP through hprose, the output is sent back and then to the client.

But the problem is, that after I'd run the app, the state of the worker is "dirty". It has session data, cookies and such stored - which is not very good. Therefore I currently restart the worker every time a request is done processing. It restarts while the output is sent to the client.

So I thought, what if I could run all my code in a sandbox, that I could just terminate and have a clean slate again? That is why I looked into this project. And since I am returning the output as an object to the nodejs server, I have a field for header entries. So I need to overwrite a small handful of functions - 3 currently - to make the underlying app believe it ran in a "real" environment.

So about disable_functions... I can disable them but not redefine them. So I will have to use runkit - that is no problem. It can be installed alongside any PHP version really.

Though, rather ironically, I found a project which somehow does allow function redefinition within a sandbox. So I can probably combine this and that.

Thanks for your reply though! :)
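
The child-process and `disable_functions` approach discussed in this thread, as an added example that is not part of the thread and is not code from php-sandbox. It assumes the PHP 8.0+ CLI, where a function listed in `disable_functions` is treated as non-existent and can therefore be declared again in userland; `run_isolated()`, the prelude, and the choice of `header` and `shell_exec` are hypothetical.

```php
<?php
// Added example, not code from php-sandbox. Assumes PHP 8.0+ CLI, where a name
// listed in disable_functions is absent from the function table and can be
// declared again in userland. run_isolated() and $prelude are hypothetical.

function run_isolated(string $script, array $disabled): array
{
    $cmd = [PHP_BINARY, '-n',                      // -n: ignore any php.ini
            '-d', 'disable_functions=' . implode(',', $disabled),
            '-d', 'display_errors=stderr'];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start child PHP process');
    }
    fwrite($pipes[0], $script);   // php with no file argument reads the script from stdin
    fclose($pipes[0]);
    // Sequential reads are fine for small outputs; large stderr needs stream_select().
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['exit' => proc_close($proc), 'stdout' => $out, 'stderr' => $err];
}

// Constructed child script: the prelude replaces header() with a recorder,
// then the "application" part runs and reports what it saw as JSON.
$prelude = <<<'PHP'
<?php
$GLOBALS['__headers'] = [];
function header(string $line, bool $replace = true, int $code = 0): void {
    $GLOBALS['__headers'][] = $line;
}
PHP;
$app = <<<'PHP'

header('X-Demo: 1');
echo json_encode([
    'headers'    => $GLOBALS['__headers'],
    'shell_exec' => function_exists('shell_exec'),
]);
PHP;

// Every call starts a fresh interpreter, so no state carries over between runs.
$result = run_isolated($prelude . $app, ['header', 'shell_exec']);
echo $result['stdout'], PHP_EOL;
```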