Re: [PHP] safe mode/open basedir not working ?

Fri, 02 Jul 2004 11:22:05 -0700 

Ok. How about set the safe_mode_exec_dir to /dev/null then ?

On Wed, 30 Jun 2004 21:55:17 -0700, Justin Patrin <[EMAIL PROTECTED]> wrote:
> 
> YES. You need to set the safe_mode_exec_dir path to be some path
> without binaries. Such as: /etc, although that's a bad example. Make a
> directory with only root write access and point that config option to
> it.
> 
> 
> On Wed, 30 Jun 2004 22:31:27 -0400, robert mena <[EMAIL PROTECTED]> wrote:
> >
> > Marek, Justin,
> >
> > am I doing something wrong with the setup because I saw the logs and a
> > redeye.php was used to system("perl -xxxx") and was not supposed to.
> >
> >
> > On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
> > >
> > > Justin Patrin wrote --- napísal::
> > > > On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
> > > >
> > > >>robert mena wrote --- napísal::
> > > >>
> > > >>>Hi,
> > > >>>
> > > >>>I host a few virtual domains in apache 2 and use php.
> > > >>>
> > > >>>The virtual domain is something like
> > > >>>
> > > >>><VirtualHost a.b.c.d:80>
> > > >>>        ServerAdmin [EMAIL PROTECTED]
> > > >>>        DocumentRoot /home/httpd/html/domain.com
> > > >>>        ServerName www.domain.com
> > > >>>        ErrorLog   logs/domain.com-error_log
> > > >>>        CustomLog  logs/domain.com-access_log combined
> > > >>>        ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
> > > >>>        <Directory /home/httpd/html/domain.com/>
> > > >>>                AllowOverride AuthConfig Limit
> > > >>>                php_admin_value doc_root "/home/httpd/html/domain.com/"
> > > >>>                php_admin_flag safe_mode on
> > > >>>                php_admin_value open_basedir 
> > > >>> "/home/httpd/html/domain.com:/tmp/"
> > > >>>        </Directory>
> > > >>></VirtualHost>
> > > >>>
> > > >>>Recently I had a minor problem with a user that uploaded via ftp a php
> > > >>>script in his domain and this domain used exec/system etc to call
> > > >>>perl, read files.
> > > >>>
> > > >>>Shouldn't the settings above retrict such thing ?
> > > >>>
> > > >>
> > > >>no, this setting affects only php, not programs executed from php
> > > >
> > > >
> > > > If you have safe mode on, you can set various things to stop this. One
> > > > is safe_mode_exec_dir.
> > >
> > > Actualy you have to if you want to use any of the exec functions:
> > >
> > >
> >
> > 
> > !DSPAM:40e37582309468563245817!
> >
> >
> 
> --
> paperCrane --Justin Patrin--
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to