Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:22582 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 86818 invoked by uid 1010); 25 Mar 2006 17:14:57 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 86803 invoked from network); 25 Mar 2006 17:14:57 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Mar 2006 17:14:57 -0000 X-Host-Fingerprint: 70.85.46.36 unknown Received: from ([70.85.46.36:44435] helo=prohost.org) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id 5F/AA-11806-09A75244 for ; Sat, 25 Mar 2006 12:14:57 -0500 Received: (qmail 4933 invoked from network); 25 Mar 2006 17:14:53 -0000 Received: from prohost.org (HELO ?127.0.0.1?) (70.85.46.36) by prohost.org with SMTP; 25 Mar 2006 17:14:53 -0000 Message-ID: <44257A8C.8020408@prohost.org> Date: Sat, 25 Mar 2006 12:14:52 -0500 User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: Rasmus Lerdorf CC: Sara Golemon , internals@lists.php.net References: <000a01c64fbc$cef29c50$88051fac@OHRLVN4523SG> <44257520.6070304@prohost.org> <4425761D.4020300@lerdorf.com> <44257764.4060406@prohost.org> <442577EF.2000908@lerdorf.com> In-Reply-To: <442577EF.2000908@lerdorf.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] open_basedir_for_include From: ilia@prohost.org (Ilia Alshanetsky) Rasmus Lerdorf wrote: > Yes, and in normal circumstances you wouldn't accidentally write to > places you aren't supposed to, just like in normal circumstances you > will have all your file permissions set correctly. And in normal > circumstances you would never have bugs in your code. Attempts to modify common include files are not very likely to be accidental. It is a bit hard to confuse include() with file_put_contents() ;-) Plus is you leave the file writable, what's to say you couldn't do: shell_exec("cp foo /lib/file/inc.php") ? Ilia