Newsgroups: php.internals
Date: Thu, 28 Aug 2008 10:07:05 +0400
From: indeyets@gmail.com ("Alexey Zakhlestin")
To: "Stanislav Malyshev"
Cc: "PHP Internals"
In-Reply-To: <48B5CE4A.7000807@zend.com>
Subject: Re: [PHP-DEV] open_basedir + sessions bug (or a feature?)

On Thu, Aug 28, 2008 at 1:59 AM, Stanislav Malyshev wrote:
> Hi!
>
>> ext/sessions/mod_files.c:281 has a hardcoded openbasedir-check
>> skipping of "/tmp" path for storing session-files, if
>> sessions.save_path is not manually set.
>
> I would think the idea was to make it easier on inexperienced users. Since
> default AFAIK is /tmp, and it is highly unlikely that somebody would need to
> hide /tmp from the users, it makes more scenarios to work out of the box.
>
>> Anyway, this looks like something done wrong from the beginning.
>> Shouldn't "/tmp" be explicitly added to open_basedir list? Why should
>> it have any special meaning?
>> I propose to remove special treatment of "/tmp" (should be mentioned
>> in upgrade-docs)
>
> Is there any problem that this treatment is causing? I.e. on Mac the default
> is different, but that's not a problem of this treatment - it's rather
> missing special treatment of /var/tmp on mac, I'd say :) So Mac users don't
> get this boon, but is it the reason to remove it from other users?

The proper way is to explicitly specify "/tmp" in open_basedir, and,
actually, there is quite a common practice of doing so.
This "feature" we have was never documented.
It was introduced in 5.2.2, so it wasn't there "forever"

-- 
Alexey Zakhlestin
http://blog.milkfarmsoft.com/
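
The behaviour debated in this thread, as a simplified model added here for illustration; it is not PHP's own code from mod_files.c and not code from either poster. The function names, the `tmp_exemption` switch and the sample paths are assumptions, and the path match compares whole components of already-normalized paths without resolving symlinks.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True if path equals dir (first dlen bytes) or lies beneath it. */
static bool under_dir(const char *path, const char *dir, size_t dlen)
{
    while (dlen > 1 && dir[dlen - 1] == '/') dlen--;    /* ignore trailing '/' */
    if (dlen == 0 || strncmp(path, dir, dlen) != 0) return false;
    if (dlen == 1 && dir[0] == '/') return true;        /* "/" covers everything */
    return path[dlen] == '\0' || path[dlen] == '/';     /* stop "/tmp" matching "/tmpfoo" */
}

/* True if path is covered by an entry of a ':'-separated open_basedir list. */
bool in_open_basedir(const char *list, const char *path)
{
    if (list == NULL || *list == '\0') return true;     /* unset: no restriction */
    for (const char *p = list;;) {
        size_t n = strcspn(p, ":");
        if (under_dir(path, p, n)) return true;
        if (p[n] == '\0') return false;
        p += n + 1;
    }
}

/* Hypothetical model of the decision discussed above.
 * user_set:      the session save path was configured explicitly.
 * tmp_exemption: the undocumented "/tmp" special case is in effect. */
bool session_dir_allowed(const char *list, const char *save_path,
                         bool user_set, bool tmp_exemption)
{
    if (tmp_exemption && !user_set && strcmp(save_path, "/tmp") == 0)
        return true;                                    /* check skipped for default "/tmp" */
    return in_open_basedir(list, save_path);
}

int main(void)
{
    const char *site = "/var/www/site";                 /* constructed sample values */
    const char *site_tmp = "/var/www/site:/tmp";

    printf("implicit /tmp, exemption on : %d\n", session_dir_allowed(site, "/tmp", false, true));
    printf("implicit /tmp, exemption off: %d\n", session_dir_allowed(site, "/tmp", false, false));
    printf("explicit /tmp in the list   : %d\n", session_dir_allowed(site_tmp, "/tmp", false, false));
    printf("default /var/tmp, exemption : %d\n", session_dir_allowed(site, "/var/tmp", false, true));
    return 0;
}
```

Listing "/tmp" in open_basedir gives the same result whether or not the exemption exists, while a default other than "/tmp" is rejected either way.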