> Sandboxing: Complicated by the fact that it only works in a threaded
> build, can't transfer all types (e.g. resource, complex objects), and
> can't run concurrently. Until/unless these problems can be
> meaningfully solved, I wouldn't consider it a functional
> implementation.

To me the "thread thing" feels like the dirty hack workaround _because_ it's in PECL, and this is the only option available. chroot() isn't available everywhere. chrooting with php-fpm requires an additional amount of configuration (and forethought), and running both a chrooted and non-chrooted pool even more so.

I did originally pose it as a potential v6 feature, and that's where I'll leave it. In the "wouldn't it be nice" pile.

There are always going to be cases where products want to use user-generated code, and isolating in a way that prevents it breaking things is desirable. Having the right tools to do that instead of requiring clunky workarounds "would be nice" when the engine can support it.

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php