It appears to do some stuff which is undocumented. Specifically it quotes input to popen thus causing any redirection and other comand line stuff to be passed to the program that is being invoked as command parameters. Most of the stategies to simulate bidirectional pipes break because of this.
Jr Bedford wrote: > Okay, so I have the general idea that safe_mode On is a Good Thing [tm] and > that using safe_mode_exec_dir with it is a Better Thing. > > Unfortunately I am having difficulty locating any documentation that > describes exactly WHAT these to settings do. > > First: > ------ > Is safe_mode On only relevent in conjunction with safe_mode_exec_dir? In > other words, does safe_mode On merely restrict the use of system() calls? > Or does safe_mode On do other things, along the lines of suExec -- such as > making sure the .php file is owned by the user that owns the directory it > lives in, that it has certain file permissions, etc. etc. etc. Where can > I find documentation on this? > > Second: > ------- > What are the rules for safe_mode_exec_dir? Can I create a directory > called allowed-progs/ and then fill it with symLinks to various programs > throughout the file system that I will allow my users to call? Or will it > consider a symLink a security violation and not follow it? Can I list more > than one directory? Can I use wildcards such as /home/*/public_html/cgi ? > > Third: (This is a subset of question #2) > ----- > I have set: open_basedir /home/*/public_html > > What I REALLY want is more along the lines of /home/%u/public_html so that > the only thing allowed is stuff in the public_html directory of the OWNER > of the .php script being run. I'd also like to do with with the > safe_mode_exec_dir directory -- setting /home/%u/public_html/cgi > > Thanks. > > --JRB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
