Newsgroups: php.internals
From: pierre.php@gmail.com (Pierre Joye)
To: Reindl Harald
Cc: Mailing-List php
Date: Wed, 17 Aug 2011 13:14:02 +0200
Subject: Re: [PHP-DEV] https://bugs.php.net/bug.php?id=52312

On Tue, Aug 16, 2011 at 11:29 PM, Reindl Harald wrote:
> Hi
>
> https://bugs.php.net/bug.php?id=52312
>
> does the security-problem in combination with open_basedir only
> occur if there are symlinks created?
>
> * I guess in most secure setups "symlink" is disabled

From what I can see, almost no setup disables the symlink functions in
php, even less in the shell.

> * give us an option to bypass the check in such environments

Well, there are other better ways to control access than relying on
open_basedir. Permissions are on, that's why I would not add special
cases here.

Cheers,
--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org