Remi's RPM repository - Packages

Blog | Forum | Repository | Wizard

php-pecl-sandbox - Isolated environment

Remi's RPM repository <>
A sandbox is an isolated environment (a thread in our case); Things may go very
badly wrong in the sandbox environment and not effect the environment that
created it. This means that we must try very hard to limit the influence each
environment has on the other. So the prototype and instructions of entry point
"Closures" are verified to ensure they will not reduce or break isolation.

In practice this means entry point closures must not:

* accept or return by reference
* accept or return non-scalar values (array, object)
* execute a limited set of instructions

Instructions prohibited directly in the sandbox are:

  * declare (anonymous) function
  * declare (anonymous) class
  * lexical scope access

Nothing is prohibited in the files which the sandbox may include, but allowing
these actions directly in the code which the sandbox executes at entry would
break the isolation of the sandbox such that we couldn't be sure the system
would remain stable.

With these restrictions in place, we can be sure that a sandbox may do anything
up to but excluding making PHP segfault, and not effect the environment that
created it.

This extension is only available for PHP in ZTS mode.

Package built for PHP 7.4.


php-pecl-sandbox-0.1.3-1.fc33.remi.7.4.x86_64 [26 KiB] Changelog by Remi Collet (2019-09-18):
- update to 0.1.3