lua-users home
lua-l archive

On Sun, Jul 19, 2015 at 10:15 PM, Tom N Harris <whoopdedo@whoopdedo.org> wrote:
> Require is assumed to be operating on trusted code so there's no need for safeguards.
> It is not typical for user-supplied files to be loaded that way.

Actually, we are compelled to use require() for trusted code only (because of the security hole).
That's why "It is not typical for user-supplied files to be loaded that way."

> you may as well just set up a proper sandboxing framework and
> load untrusted files manually instead of with require.

Unfortunately, sandboxing is necessary.
Of course, require_untrusted() is not the same as require() with mode="t".

> But I don't know why you'd really want to do that.

My initial thought was to make considering bytecode as potentially insecure
be consistent across the whole language, not just for two particular functions.

I agree, this proposal does not remove the require() vulnerability completely.
As with the load() and loadfile() functions, the "mode" argument does not solve all existing problems.
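
The following is an added example, not part of the original message or of Lua's standard library: a sketch of what a `require_untrusted()` could look like when built from `package.searchpath` and `loadfile` with mode `"t"` and a restricted environment. The function name, the whitelist in `new_env`, and the `demo_*` file names are assumptions made for illustration; it needs Lua 5.2 or later.

```lua
-- Hypothetical require_untrusted(): loads Lua *source* modules only, in a
-- restricted environment, and keeps them out of package.loaded.
local loaded = {}  -- separate cache for untrusted modules

-- Minimal whitelist environment (assumption: extend to what the module needs).
local function new_env()
  return {
    pairs = pairs, ipairs = ipairs, type = type, tostring = tostring,
    tonumber = tonumber, select = select, error = error, pcall = pcall,
    string = { format = string.format, sub = string.sub, len = string.len },
    math = { floor = math.floor, max = math.max, min = math.min },
    table = { insert = table.insert, concat = table.concat },
  }
end

local function require_untrusted(name, path)
  if loaded[name] ~= nil then return loaded[name] end
  -- Search Lua source paths only; package.cpath (C modules) is never consulted.
  local file, err = package.searchpath(name, path or package.path)
  if not file then error("module '" .. name .. "' not found:" .. err, 2) end
  -- Mode "t" accepts text chunks only, so a precompiled chunk is refused
  -- before any of it runs; the third argument replaces the global table.
  local chunk, lerr = loadfile(file, "t", new_env())
  if not chunk then error("refused to load '" .. file .. "': " .. lerr, 2) end
  local result = chunk(name, file)
  if result == nil then result = true end
  loaded[name] = result
  return result
end

-- Constructed demo: the same module saved once as source, once as bytecode.
local function write(fname, data)
  local f = assert(io.open(fname, "wb"))
  f:write(data)
  f:close()
end
write("demo_src.lua", "return { answer = 42 }")
write("demo_bin.lua", string.dump(load("return { answer = 42 }")))

print(require_untrusted("demo_src", "./?.lua").answer)  -- source module loads
print(pcall(require_untrusted, "demo_bin", "./?.lua"))  -- bytecode is refused
os.remove("demo_src.lua")
os.remove("demo_bin.lua")
```

Rejecting bytecode and swapping the environment do not bound CPU time or memory, and the real `string` library stays reachable through the string metatable, so this is only one layer of a sandbox.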