Newsgroups: php.internals
Xref: news.php.net php.internals:22585
Subject: Re: [PHP-DEV] open_basedir_for_include
From: penguin@php.net (Peter Brodersen)
To: ilia@prohost.org (Ilia Alshanetsky)
Cc: internals@lists.php.net
Date: Sun, 26 Mar 2006 19:34:55 +0200
Message-ID: <7qjd221uk4tcgqlmfb9vmopmnmc3cfn3p8@4ax.com>
In-Reply-To: <44257A8C.8020408@prohost.org>
References: <000a01c64fbc$cef29c50$88051fac@OHRLVN4523SG> <44257520.6070304@prohost.org> <4425761D.4020300@lerdorf.com> <44257764.4060406@prohost.org> <442577EF.2000908@lerdorf.com> <44257A8C.8020408@prohost.org>

On Sat, 25 Mar 2006 12:14:52 -0500, in php.internals ilia@prohost.org (Ilia Alshanetsky) wrote:

>Plus if you leave the file writable, what's to say you couldn't do:
>shell_exec("cp foo /lib/file/inc.php") ?

The possible exec restriction salvaged from safe_mode mentioned in <43874C56.8050007@lerdorf.com>?

This thread is mainly about a safety net for one's own code.

But regarding restricting users, open_basedir is IMO useless if not backed up by some other methods (like restricting exec functions).

-- 
- Peter Brodersen
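As an added illustration of the point made in this exchange (example code, not from the thread and not from PHP's own sources): a script running under open_basedir can still have a child shell copy a file in from outside the allowed tree, because open_basedir is enforced in PHP's stream/filesystem layer, not on processes PHP spawns. The directory layout, file names and the ini values below are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumed layout:
//   /var/www/app        the only directory listed in open_basedir
//   /srv/other/inc.php  a PHP file outside that tree
// Run as:  php -d open_basedir=/var/www/app /var/www/app/demo.php
//
// The counter-measure discussed in the thread is to disable the exec
// family as well, e.g. in php.ini (assumed values):
//   open_basedir      = /var/www/app
//   disable_functions = shell_exec,exec,system,passthru,popen,proc_open
$base    = '/var/www/app';
$outside = '/srv/other/inc.php';

// 1. Direct include() goes through PHP's stream layer, which checks the
//    path against open_basedir, warns "open_basedir restriction in effect"
//    and returns false. The file is never read.
$direct = @include $outside;
var_dump($direct);

// 2. shell_exec() hands the command to /bin/sh. The cp runs as the same
//    OS user but outside PHP's path checks, so open_basedir does not apply.
//    function_exists() reports false once shell_exec is in disable_functions,
//    which is the only thing that stops this step.
if (function_exists('shell_exec')) {
    shell_exec('cp ' . escapeshellarg($outside) . ' ' . escapeshellarg("$base/inc.php"));
}

// 3. The copy now lives inside the allowed tree, so include() accepts it:
//    open_basedir has been bypassed without ever touching a forbidden path
//    from PHP itself.
if (is_file("$base/inc.php")) {
    include "$base/inc.php";
}
```

The same holds for any other way of leaving PHP's filesystem layer (exec(), system(), popen(), proc_open(), mail() with a sendmail path, and so on), which is why open_basedir on its own only catches a script's own accidental path mistakes and not a user who controls the code.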