Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:1007
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Message-ID: <3EA5A4EB.EA9B163E@orcaware.com>
Date: Tue, 22 Apr 2003 13:24:11 -0700
MIME-Version: 1.0
To: internals@lists.php.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: [PATCH] --with-exec-dir defines
From: blair@orcaware.com (Blair Zajac)

Hello,

Just spent some time looking at --with-exec-dir and I found an
inconsistency between the value set by configure and that used
in main/main.c.  configure sets PHP_SAFE_MODE_EXEC_DIR but
main.c uses SAFE_MODE_EXEC_DIR.  This tiny patch fixes this.

Index: main/main.c
===================================================================
RCS file: /repository/php4/main/main.c,v
retrieving revision 1.547
diff -u -r1.547 main.c
--- main/main.c	16 Apr 2003 12:44:08 -0000	1.547
+++ main/main.c	22 Apr 2003 20:06:03 -0000
@@ -244,8 +244,8 @@
  * PHP_INCLUDE_PATH
  */
 
-#ifndef SAFE_MODE_EXEC_DIR
-#	define SAFE_MODE_EXEC_DIR "/"
+#ifndef PHP_SAFE_MODE_EXEC_DIR
+#	define PHP_SAFE_MODE_EXEC_DIR "/"
 #endif
 
 #ifdef PHP_PROG_SENDMAIL


However, on a bigger note, doing a recursive grep through the
source for SAFE_MODE_EXEC_DIR doesn't find any uses of the
string besides the above code in main.c.

I think --with-exec-dir should be commented out in configure.in,
otherwise it leads to an expectation that it provides some security
that it really doesn't.

Best,
Blair

-- 
Blair Zajac <blair@orcaware.com>
Plots of your system's performance - http://www.orcaware.com/orca/