From: tonix at interazioni dot it Operating system: PHP version: Irrelevant Package: Safe Mode/open_basedir Bug Type: Feature/Change Request Bug description:Force source IP on network operations
Description: ------------ It would nbe nice to have a new security feature in PHP. Actually, a web server receives connections from a specific IP/port, but any PHP script can use any available address on outgoing connections. This can be a security problem. It should be possible to 'force' PHP to open connections only with a spcific IP or with the listening IP.This helps to prevent such problems: * if you have internal interfaces in the same machine where you have public IPs, a web PHP application could try to use the internal address of the interface, exploring internal network (actually we avoid that thanks to FreeBSD jails). * if apache listens on a specific IP for a single domain, and listens on other IPs for others domains, it would be safe if each domain can use as source IP only the listening IP associated. -- Edit bug report at https://bugs.php.net/bug.php?id=63076&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=63076&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=63076&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=63076&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=63076&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=63076&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=63076&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=63076&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=63076&r=needscript Try newer version: https://bugs.php.net/fix.php?id=63076&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=63076&r=support Expected behavior: https://bugs.php.net/fix.php?id=63076&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=63076&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=63076&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=63076&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=63076&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=63076&r=dst IIS Stability: https://bugs.php.net/fix.php?id=63076&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=63076&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=63076&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=63076&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=63076&r=mysqlcfg