Re: string_exec()
- Posted by jimcbrown (admin) Mar 05, 2015
- 2104 views
Is there no grey area? I was trying to find a way to allow your sandbox, and allow me to include the whole world
I don't think so. Doing what you want via string_exec() would almost seem to require that string_exec() perform dynamic runtime self-modifying bytecode manipulation anyways. Which certainly isn't out of the question - but if you're going to be manipulating bytecode anyways, why not just go straight to the source instead of dealing with an extra layer?
Another point is that implementing a sandbox'd string_exec() or eueval4.1 is a lot easier than implementing an unsandbox'd string execution mechanism via self-modifying bytecode.
Edit: Although there may be no grey area, I think that there is room for both concepts to co-exist side-by-side (at least IMVHO).
