On Sat, May 11, 2019 at 5:56 AM Niklas Keller <m...@kelunik.com> wrote:

> > I'm against deprecating it or removing it.
> >
> > As said earlier, it has some security value, especially with mass
> > hosting. If I'm hosting thousands of websites for thousands of users,
> > using chroot is not doable, and open_basedir is a good alternative (at
> > least it's better than nothing).
> >
> > That's why it's used by ISPconfig and other panels: there is no other
> > solution that I know of.
>
> That's exactly the reason why I'm for removing it. There will always
> be ways to circumvent open_basedir and setups like this are insecure.
> It gives a false sense of security. It's not better than nothing,
> because most hosting providers would opt for a real solution instead
> of leaving users entirely unprotected.
>

Under a VM setup, there is not much of a problem for Linux.
However, Docker (and/or cgroup-based containers) has a problem because
there is no namespace for SELinux. Therefore, containers cannot have
workable SELinux protection, as well as OSes that lack SELinux-like
protections.

I don't care much about open_basedir.
However, I wonder how many container setups rely on open_basedir as
additional security.

Regards,

P.S. No one should rely on stack smashing attack protection, yet
it's still there for fail-safe purposes. open_basedir is a fail-safe feature.

--
Yasuo Ohgaki
yohg...@ohgaki.net
