On Fri, 1 Oct 2004, Sara Golemon wrote: > > The > > only case that trips us up is the one where a user has direct access to > > create whatever symlinks he wants in his own directory and then by hitting > > that symlink through the web server he is effectively reading any file the > > web server user id has permission to read and thereby bypassing safemode. > > > I wouldn't consider it uncommon for shared hosting users to have a shell > account....
I haven't really kept up with what ISP's are doing these days, but I would hope they would be chroot'ing ot jail'ing these shell accounts? -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
