Christopher Kunz wrote:
Peter Brodersen wrote:

Well, safe_mode could prevent someone from doing a
shell_exec("cat /home/otheruser/web/config.php");
open_basedir can't do the same thing.

Even if open_basedir could restrict the location of the called
executable people could still upload a binary to their own directory.

Sorry for jumping in without reading the whole mammoth thread: Why not unbundle
safe_mode_exec_dir from safe_mode and keep it? That way, the obvious stuff gets
fixed (although you can still shoot yourself in the foot with stuff like convert
or whatever $CMS_OF_THE_DAY might require to run smoothly).

Is that feasible?

I think that is a pretty good idea actually. It's the uid matching that is the problem. Having a way to restrict which commands the exec functions can execute is sort of a separate thing that is snapped onto the end of safe_mode.

We're a little distracted by 5.1, but if you or someone else can keep this in mind and remind us later, I would appreciate it. Or come up with a patch for HEAD we can look at.

-Rasmus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
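
An added sketch of the idea discussed in this thread, not part of any message above and not PHP's own source: an exec-directory restriction that is independent of uid matching, where the program name is reduced to its basename and resolved inside one administrator-chosen directory. The function name `confine_command`, the directory `/usr/local/php-bin` and the sample commands are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not PHP source): rewrite cmd so its program is always
 * resolved inside exec_dir. Returns 0 on success, -1 if cmd is rejected. */
int confine_command(const char *exec_dir, const char *cmd,
                    char *out, size_t outlen)
{
    size_t prog_len = strcspn(cmd, " ");   /* program name ends at first space */
    const char *args = cmd + prog_len;     /* "" or " arg1 arg2 ..." */
    const char *base = cmd;
    size_t i, base_len;
    int n;

    /* The string goes to a shell, so refuse anything that could chain or
     * substitute a second command instead of trying to escape it. */
    if (strpbrk(cmd, ";|&`$<>()\\\"'\n") != NULL)
        return -1;

    /* Drop any directory the caller supplied: only the basename is kept. */
    for (i = 0; i < prog_len; i++)
        if (cmd[i] == '/')
            base = cmd + i + 1;
    base_len = (size_t)(cmd + prog_len - base);

    /* Empty names and "." / ".." would address the directory, not a program. */
    if (base_len == 0 || (base[0] == '.' && (base_len == 1 ||
                         (base_len == 2 && base[1] == '.'))))
        return -1;

    n = snprintf(out, outlen, "%s/%.*s%s", exec_dir, (int)base_len, base, args);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs; /usr/local/php-bin is a placeholder directory. */
    const char *tests[] = { "convert in.png out.png",
                            "/home/user/web/uploaded-tool --run",
                            "convert in.png out.png; /home/user/web/uploaded-tool" };
    char buf[256];
    size_t i;
    for (i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        if (confine_command("/usr/local/php-bin", tests[i], buf, sizeof buf) == 0)
            printf("%-55s -> %s\n", tests[i], buf);
        else
            printf("%-55s -> rejected\n", tests[i]);
    }
    return 0;
}
```

The rewrite constrains only which program runs, not its arguments, so the directory's contents decide what is reachable: a `cat` placed there can still be pointed at any file the server's user can read.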
