Well, how much do you trust taint mode? Knowing that anyone
could upload any code and execute it...
system('rm -fr /')
would probably not make it past Taint (and nobody lacks
permissions to do this, anyway), but I wouldn't sleep
well at night...
How about Denial of Service?
while (1) {
    $Str .= 'A few more bytes consumed';
}
I wouldn't want to allow arbitrary code on any of
my servers...
Now, recent experience has shown me that there are a large
number of monks willing and eager to benchmark code and post
the results. I think a section like the one you describe
would be quite popular.
Russ