On Sat, 25 Mar 2006 12:14:52 -0500, in php.internals [EMAIL PROTECTED]
(Ilia Alshanetsky) wrote:
>Plus is you leave the file writable, what's to say you couldn't do:
>shell_exec("cp foo /lib/file/inc.php") ?
The possible exec restriction salvaged from safe_mode mentioned in
<[EMAIL PROTECTED]> ?
This thread is mainly about a safety net for one's own code. But
regarding restricting users, open_basedir is IMO useless if not backed
up by some other methods (like restricting exec functions).
--
- Peter Brodersen
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
