On Tue, Feb 17, 2009 at 10:12, sean finney <sean...@seanius.net> wrote: > hi, > > On Tue, Feb 17, 2009 at 02:02:35AM -0500, Eric Stewart wrote: >> 14. A few other directives have been question but I don't have enough >> experience with these particular settings so please weight in on them. >> >> extension_dir = "./" >> enable_dl = On > > i'd be incredibly weary of this setting, even in a development environment. > > - if you have enable_dl on, a user can load an arbitrary .so into php's (and > thus most often apache's) memory space.
dl() should indeed be disabled by default (and the NEWS entry says it is). dl() support has furthermore been removed from most SAPIs, and according to the NEWS entry it is only available for cli, cgi and embed. Actually, the docs and NEWS are a bit inconsistent on that, the docs say the function just raises E_DEPRECATED while the NEWS entry makes it sound like dl() simply wont work as apache module.. -Hannes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
