Sara Golemon wrote:
> The attached patch changes open_basedir from PHP_INI_SYSTEM to PHP_INI_ALL.
> [...]
> The advantage of doing this is that package authors and/or users of shared
> hosting who may not have access to making their settings more restrictive
> can avoid most simple FS inspection attacks caused by buggy script code by
> adding a single ini_set(basedir(__FILE__)); to the top of their script or
> setting it with an .htaccess directive.

Great feature. I can see this being very useful to packaged PHP applications
like ours (MediaWiki). The only complication in implementation I can think
of is trying to work out the location of PEAR, for those modules that use
it. I suppose we would have to append the default include_path to the
runtime open_basedir, to make sure that PEAR is accessible.
-- Tim Starling
--
PHP Internals - PHP Runtime Development Mailing List
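
The approach discussed in this message, sketched as an added example (not code from the thread, the patch, or MediaWiki): restrict open_basedir at runtime to the application directory plus the directories already on include_path, so PEAR stays reachable. It assumes PHP 7 or later and a build where open_basedir can be set with ini_set() as the patch proposes; `build_open_basedir()` is a hypothetical helper name, and dropping the `.` entry is a choice made for this example.

```php
<?php
// Added example: compute a runtime open_basedir value from the application
// directory and the existing include_path entries (e.g. the PEAR directory).
// build_open_basedir() is a hypothetical helper, not a PHP or MediaWiki API.

function build_open_basedir(string $appDir, string $includePath): string
{
    $allowed = [];
    $candidates = array_merge([$appDir], explode(PATH_SEPARATOR, $includePath));

    foreach ($candidates as $dir) {
        // Skip empty entries and '.', which would resolve to whatever the
        // current working directory happens to be, not a fixed location.
        if ($dir === '' || $dir === '.') {
            continue;
        }
        // realpath() resolves symlinks and '..' segments and returns false
        // for paths that do not exist.
        $real = realpath($dir);
        if ($real === false || !is_dir($real)) {
            continue;
        }
        // open_basedir entries are prefixes: without a trailing separator,
        // "/srv/app" would also permit "/srv/app-backup".
        $entry = rtrim($real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        $allowed[$entry] = true; // array keys de-duplicate repeated entries
    }

    return implode(PATH_SEPARATOR, array_keys($allowed));
}

$basedir = build_open_basedir(__DIR__, get_include_path());

// ini_set() returns the previous value on success (possibly an empty string)
// and false on failure, so the comparison must be strict.
if ($basedir === '' || ini_set('open_basedir', $basedir) === false) {
    error_log('open_basedir could not be set at runtime');
}
```

If the administrator has already set open_basedir, a runtime value can only narrow it, so an include_path directory outside the existing restriction makes the ini_set() call fail and the error branch run.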