[TYPO3-core] RFC #13701: Bug: @ini_set() works only on windows, on some unices it could render the function unusable
Dmitry Dulepov
dmitry.dulepov+t3ml at gmail.com
Wed Mar 3 18:58:29 CET 2010
Hi!
On 2010-03-03 14:42:00 +0200, netz-haut - stephan seitz said:
> Thanks for your response. You're right, I need to proof that. What
> Iwant to say is, that it's functionality regarding "sendmail_from"
> isrestricted on each standard installation of RHEL5/Centos5, Debian
> Lenny,Ubuntu 8.10 (and I'ld blindly state this for every later
> release),OpenSolaris and NetBSD. These are the systems, I'm able to
> verify. Tostep deeper into that issue: Ancient sendmail didn't take
> much care ofsetting the sender of a mail. This "feature" has been
> abandoned in abovelisted standard configuration files. Most of the
> listed distros switchedover to postfix as the default MTA. This MTA
> never offered this featureby default. I'm not saying that it's
> impossible to get the -f switchback working for an unprivileged user,
> I'm speaking for out-of-the-boxconfigurations. Also, it's very unlikely
> to have a responsibleserver-admin turning this feature on by demand as
> you're able to fakeeverything and trick the MTA into a nice spambot.
> Personally, I'ldprefer clear ESMTP as you'll always get the benefit of
> existing andvalid sender addresses. I've seen countless TYPO3
> Installations thatclaimed to be "mail at example.org" or similar by mail.
> I known that mystatements are more prophetic than technical, but this
> is my point ofview from down at the machine room ;)
You are right in what you say. In my opinion TYPO3 should not use
init_set() or error_reporting or other functions that alter server
settings.
There are certain problems, such as memory limits, etc. It is used for
ages in TYPO3 so we cannot just get rid of ini_set(). It will break
compatibility and cause people to ramble. Compatibility is an important
issue that must be always observed. So we need to be careful with these
changes.
--
Dmitry Dulepov
TYPO3 expert / TYPO3 security team member
Read more @ http://dmitry-dulepov.com/
More information about the TYPO3-team-core
mailing list