[wp-trac] [WordPress Trac] #49953: Xdebug not working out of the box
WordPress Trac
noreply at wordpress.org
Thu Jul 9 01:58:22 UTC 2020
#49953: Xdebug not working out of the box
------------------------------+---------------------
 Reporter:  Jules Colle       |       Owner:  (none)
     Type:  defect (bug)      |      Status:  new
 Priority:  normal            |   Milestone:  5.5
Component:  Build/Test Tools  |     Version:  5.3
 Severity:  normal            |  Resolution:
 Keywords:  has-patch         |     Focuses:
------------------------------+---------------------

Comment (by pento):

 This has the potential to introduce interesting security vulnerabilities,
 I don't think it should be enabled by default.

 Off the top of my head:

 - Some Travis PHPUnit tests run with Xdebug enabled. Would this allow
   remote connections to the Travis job, potentially exposing encrypted keys?
 - Xdebug allows arbitrary code execution, if other people are able to
   connect to someone's development environment (for example, if it's exposed
   to the local network at a contributor day, or they use a forwarding
   service like ngrok), this could very easily open a contributor's computer
   to attack.

 I'd be more comfortable with enabling this if it can reliably restrict who
 it connects to.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/49953#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
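
The concern in the comment above, restricting who the debugger connects to, can be checked from the PHP ini settings. The following is an added example, not part of the ticket, its patch or the WordPress build tools. It assumes the Xdebug 2 setting names (xdebug.remote_enable, xdebug.remote_connect_back, xdebug.remote_host) and, going beyond the versions discussed in the ticket, their Xdebug 3 equivalents (xdebug.mode, xdebug.discover_client_host, xdebug.client_host); the function names and sample fragments are constructed for illustration.

```python
import ipaddress

# Constructed ini fragments for illustration (not taken from the ticket or its patch).
CONNECT_BACK = """
zend_extension=xdebug.so
xdebug.remote_enable=1
xdebug.remote_connect_back=1 ; debugger dials the address that sent the request
"""
PINNED = """
xdebug.mode=develop,debug
xdebug.discover_client_host=false
xdebug.client_host=127.0.0.1
"""
TRUTHY = {"1", "on", "true", "yes"}

def parse_ini(text):
    """Map lower-cased keys to values, dropping ';' comments and quotes."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.split(";", 1)[0].partition("=")
        if sep:
            settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname that cannot be vouched for offline

def audit_xdebug(text):
    """Return findings about where the step debugger may connect; [] if none.
    Only the ini text is examined (the XDEBUG_MODE environment variable is not)."""
    s = parse_ini(text)
    enabled = (s.get("xdebug.remote_enable") in TRUTHY             # Xdebug 2
               or "debug" in s.get("xdebug.mode", "").split(","))  # Xdebug 3
    if not enabled:
        return []
    findings = []
    for key in ("xdebug.remote_connect_back", "xdebug.discover_client_host"):
        if s.get(key) in TRUTHY:
            findings.append(f"{key} is on: target is chosen by the requester")
    # Both Xdebug generations default the target host to localhost.
    host = s.get("xdebug.client_host") or s.get("xdebug.remote_host") or "localhost"
    if not is_loopback(host):
        findings.append(f"debugger target {host!r} is not loopback")
    return findings
```

In a containerised development environment the debugger target is usually a fixed name for the host machine rather than loopback; the second finding then marks a value to review, not necessarily a misconfiguration.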