Hi,

On Thu, 24 Nov 2005 15:55:10 -0800 "Sara Golemon" <[EMAIL PROTECTED]> wrote:

> > Well, safe_mode could prevent someone from doing a
> > shell_exec("cat /home/otheruser/web/config.php");
> > open_basedir can't do the same thing.
> >
> disabled_functions=shell_exec, etc....

This is pretty much the problem. Would you regard this as "best practice"?

In that case we would actually just remove safe_mode and ask every individual user to "remake" safe_mode behaviour by disabling the very same functions safe_mode would disable. Furthermore, this behaviour would be vulnerable to new exec-functions, requiring a lot of maintenance for end users.

If this really is best practice, why don't we just rename safe_mode to "disable_exec_functions" (and maybe remove UID checks)? It would be easier to maintain and easier to deploy - provided that this really is the recommended setup.

--
- Peter Brodersen
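
The maintenance problem raised in the message above, as an added example that is not part of the original thread: a denylist in php.ini's `disable_functions` directive covers only the functions someone remembered to list, so it can be audited against a hand-kept list of command-execution functions. The function list, the sample configuration and the helper names are assumptions of this example.

```python
import re

# Command-execution functions in PHP core and bundled extensions. This list is
# an assumption of the example and must be maintained by hand, which is the
# maintenance burden the message describes.
EXEC_FUNCTIONS = {
    "exec", "passthru", "shell_exec", "system",
    "popen", "proc_open", "pcntl_exec",
}

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*)$")


def parse_disable_functions(ini_text):
    """Return the set of names in the last disable_functions assignment."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]  # ';' starts a php.ini comment
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(1).strip().strip('"')
            # A later assignment replaces an earlier one.
            # Names are compared as written (assumed lowercase, as documented).
            disabled = {n.strip() for n in value.split(",") if n.strip()}
    return disabled


def audit(ini_text, known_exec=EXEC_FUNCTIONS):
    """Return exec-style functions the denylist leaves callable, sorted."""
    return sorted(set(known_exec) - parse_disable_functions(ini_text))


# Constructed sample configuration, not taken from the thread.
SAMPLE_INI = """\
; shared hosting profile
safe_mode = Off
; disable_functions = passthru
disable_functions = shell_exec, exec, system ; added 2005
"""

if __name__ == "__main__":
    for name in audit(SAMPLE_INI):
        print("still callable:", name)
```

Passing a larger `known_exec` set to `audit()` shows the gap that opens whenever a new exec-style function ships and existing configurations are not updated.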