Yasuo Ohgaki wrote:

> [EMAIL PROTECTED] wrote:
>> It happens on our system that there will never be any files owned by
>> user A under a directory owned by user B. But even if there were, I think
>> safe mode should disallow this type of filesystem reading.
> 
> Under UNIX-like systems, /tmp is world writable and everyone on the 
> system can open dir/write/read files, but it's possible to secure 
> files/directory under /tmp. I think you can apply the same.
> 
> GID support also helps to allow opening files of a certain group.
> Is it not enough for your security needs?
> 

BTW, if you get rid of read permission for a directory, directory 
listing is not possible under UNIX-like systems. You can still 
read/write files with proper permission. (unlink/create files with 
proper permission also. You can get rid of write permission for 
directory, too.)

Just in case you didn't know about it :)

php.ini entries like

safe_mode_opendir_sid
safe_mode_opendir_gid

will help to improve security still.
I just don't need this kind of feature, but others may need it.

--
Yasuo Ohgaki
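
The directory permission behaviour described in the message above, as an added example that is not part of the original post: it maps a directory's r/w/x bits to the operations they control, then probes a directory whose read bit has been removed. The names `dir_rights`, `demo`, `shared`, `known.txt` and the mode 0311 are constructed for illustration.

```python
import os
import stat
import tempfile

def dir_rights(mode, who="other"):
    """Translate a directory's permission bits for one class into operations."""
    r, w, x = {
        "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
        "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
        "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
    }[who]
    can_search = bool(mode & x)
    return {
        "list": bool(mode & r),                          # opendir/readdir needs r
        "open_known_name": can_search,                   # path lookup needs x only
        "create_unlink": bool(mode & w) and can_search,  # needs both w and x
    }

def demo():
    """Build a constructed directory, drop its read bit, and probe it."""
    is_root = hasattr(os, "geteuid") and os.geteuid() == 0
    with tempfile.TemporaryDirectory() as base:
        d = os.path.join(base, "shared")
        os.mkdir(d)
        path = os.path.join(d, "known.txt")
        with open(path, "w") as fh:
            fh.write("data")
        os.chmod(d, 0o311)  # -wx--x--x: nobody has the read bit
        try:
            rights = dir_rights(stat.S_IMODE(os.stat(d).st_mode), "owner")
            try:
                os.listdir(d)
                listed = True   # root bypasses the directory read check
            except PermissionError:
                listed = False
            with open(path) as fh:  # works: only the x bit is needed
                content = fh.read()
        finally:
            os.chmod(d, 0o700)  # restore so the temp dir can be cleaned up
        return rights, listed, content, is_root

if __name__ == "__main__":
    print(demo())
```

Hiding the listing this way only protects file names that cannot be guessed; each file's own mode still decides whether it can be read.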

