[EMAIL PROTECTED] wrote: > > When in "safe mode" shouldn't PHP check to see if the directory that is > about to be opened with a opendir() function has the same UID as the PHP > script itself, and fail if the UIDs do not match?
From 4.1.0, optional GID check is available. > > Because in PHP 4.0.6 with safe_mode "on", a PHP script owned by "fred" can > open any directory owned by any other UID, so long as the directory is > under the "open_basedir". This does not seem right to me, as it allows a > user in safe_mode to browse all the files on the entire webserver, looking > for things he might be able to peek at with a web browser. > > Please advise whether this should be a bug report. Take a look at lastest implementation see if you still have issues. http://snaps.php.net/ -- Yasuo Ohgaki -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
