On Fri, November 17, 2006 00:54, J.M.Roth wrote: > Now if you would like to use safe mode, which is highly recommended on > shared systems, you will have to put this file into > safe_mode_include_dir (everyone will be able to read this file as > permissions will no longer be checked) or disable safe mode for the webs > that would like to use phpBB (and chown this script to www-data, more > secure), but disabling safe mode for an untrusted web is not really an > option.
Yes, but that is not specific at all to the phpbb package. We cannot fix that problem here. > Obviously another fix will need to be found here. I don't know why noone > takes this buggy PHP stuff seriously. The PHP developers themselves have stated that safe_mode cannot be trusted to be truly secure; it will be removed in the next major upstream release. Thijs
