Peter Brodersen wrote:
Well, safe_mode could prevent someone of doing a
shell_exec("cat /home/otheruser/web/config.php");
open_basedir can't do the same thing.
We were in a continual losing race against that sort of thing though.
In pretty much every single release there have been ways to do this that
got around safe-mode.
- open_basedir restriction plus disable
exec+passthru+proc_open+shell_exec+system+popen+pcntl_exec(+dl)?
- jail users into hell?
- or something third?
I have always maintained that shared hosts should be running
per-security context Apache instances as different users. That's the
only way to truly keep things secure. If you have everyone executing
things as the same user id you will never truly separate the security
contexts. Failing that, shared hosts should be looking at per-user fastcgi.
-Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
