close 562782
notfound php5/5.2.6.dfsg.1-1+lenny3
thank you

Have you read http://dev.mysql.com/doc/mysql-security-excerpt/5.1/en/load-data-local.html ?

Quoting:
You can disable all LOAD DATA LOCAL commands from the server side by
starting mysqld with the --local-infile=0 option.

Hence this is not a bug, but a feature, so I am closing this bug.

Ondrej

2010/1/6 Ondřej Surý <[email protected]>:
> Hi anonymous admin,
>
> we do not consider open_basedir bugs as critical, so this will
> probably not be fixed in stable. Are you able to test if this also
> applies to the version in unstable (in chroot, or kvm)?
>
> Ondrej
>
> On Sun, Dec 27, 2009 at 22:12, The Mighty System Admin <[email protected]> wrote:
>> Package: php5-mysql
>> Version: 5.2.6.dfsg.1-1+lenny3
>> Severity: normal
>>
>> mysql extension for php5 package bypasses open_basedir restrictions
>> due to the way libmysqlclient package is compiled.
>>
>> Forcing the "--enable-local-infile" flag during compilation of
>> libmysqlclient package causes the built-in protection in php5's
>> mysql extension to malfunction allowing anyone to read files outside
>> open_basedir.
>>
>> From the limited research I did, there's no way to make this
>> protection work properly unless the aforementioned compile flag
>> is turned off.
>>
>> -- System Information:
>> Debian Release: 5.0.3
>> APT prefers stable
>> APT policy: (500, 'stable')
>> Architecture: amd64 (x86_64)
>>
>> Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
>> Locale: LANG=en_US, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
>> Shell: /bin/sh linked to /bin/bash
>>
>> _______________________________________________
>> pkg-php-maint mailing list
>> [email protected]
>> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>
> --
> Ondřej Surý <[email protected]>
> http://blog.rfc1925.org/

-- 
Ondřej Surý <[email protected]>
http://blog.rfc1925.org/
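
An added example, not part of the original message and not Debian or MySQL project code: a check that reads the text of a MySQL option file and reports whether the [mysqld] group leaves the server-side local-infile option (the setting quoted in the message above) enabled or disabled. The function name and the sample option file are constructed for illustration.

```python
import re

TRUE_VALUES = {"1", "on", "true"}
FALSE_VALUES = {"0", "off", "false"}


def effective_local_infile(option_file_text, group="mysqld"):
    """Return True/False for the last local-infile setting found in [group],
    or None if the group never sets it (the server default then applies)."""
    current_group = None
    result = None
    for raw in option_file_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' may start a comment mid-line
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current_group = header.group(1).strip().lower()
            continue
        if current_group != group:
            continue
        name, has_value, value = line.partition("=")
        name = name.strip().lower().replace("_", "-")  # '_' and '-' are equivalent
        value = value.strip().strip("'\"").lower()
        if name.startswith("loose-"):            # loose- only relaxes unknown-option errors
            name = name[len("loose-"):]
        negated = False
        for prefix in ("skip-", "disable-"):     # both prefixes turn a boolean off
            if name.startswith(prefix):
                name, negated = name[len(prefix):], True
        if name.startswith("enable-"):
            name = name[len("enable-"):]
        if name != "local-infile":
            continue
        if negated:
            result = False
        elif not has_value or value in TRUE_VALUES:
            result = True                        # a bare boolean option enables it
        elif value in FALSE_VALUES:
            result = False                       # later lines override earlier ones
    return result


# Constructed sample option file, not taken from the bug report.
SAMPLE = """\
[client]
local-infile=1
[mysqld]
datadir = /var/lib/mysql
local_infile = ON      # set early in the file
loose-local-infile = 0
"""

if __name__ == "__main__":
    print(effective_local_infile(SAMPLE))
```

The check covers a single option file's text; `!include` directives and flags passed on the mysqld command line are not followed.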

