New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
get rid of proc_open #379
Comments
Do you have any suggestions as to what we could replace proc_open with ? Is a call to 'exec' better? postfixadmin/functions.inc.php Line 1005 in 4d8b455
|
no, i would replace the calls to filesystem binaries at all. it makes no difference if exec/proc_open/system etc. are called, they are (more or less) the same. if that would be java, i would help you, but i am really no php programmer. sha and all the other hashing algorithms are supported by php, so i would use those. why not create a new class like hmm... this is some pseudocode how i would create that
|
so the only thing you have to do in the future is to add 1 line if dovecot adds new support for another hashing algorithm, and its easy testable and you can use it everywhere where dovecot and hashing is used |
at the moment i have some time... its a long time ago since i did php, but i will set up everything tomorrow. |
not sure if my approach is good for your project because i would try to do that in an object oriented way, and the functions.php looks more like a procedural coding style. is there any plan to move more to a object oriented style or do you want to stay procedural? |
Right - i think it's been a case of :
Over time different people have added additional hash support. I agree the functions.inc.php file is too big, but there are loads of things that need fixing with the project (for me: I find the Handler classes difficult to use/follow and overly complex, there aren't enough tests, the code isn't extensible enough to support things like TOTP etc)...... |
relying on binaries is always bad.
yes if you want to parse the output. lets assume dovecot changes their output to something different, then its incompatible.
thats absolutely wrong. imagine you have arch linux with dovecot 2.x and fedora with dovecot 3.x - thats a breaking change. YOU need to test if it works or not when you rely on a binary. then its required to have some kind of compatibility matrix. making sure "hello world" gives the correct hash should be more or less a oneliner in phpunit for each hashing algorithm. |
thanks for your effort! :) |
i would like to secure my php.ini, but i can not restrict it to deny proc_open because the current code base requires the execution of a filesystem application (doveadm).
that also blocks the clean* containerization of postfixadmin.
*) one application in one container, currently only possible with 2 (postfixadmin and dovecot)
The text was updated successfully, but these errors were encountered: