Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:54652 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 42047 invoked from network); 17 Aug 2011 17:01:53 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Aug 2011 17:01:53 -0000 Authentication-Results: pb1.pair.com smtp.mail=h.reindl@thelounge.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=h.reindl@thelounge.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thelounge.net designates 91.118.73.15 as permitted sender) X-PHP-List-Original-Sender: h.reindl@thelounge.net X-Host-Fingerprint: 91.118.73.15 mail.thelounge.net Windows 98 (1) Received: from [91.118.73.15] ([91.118.73.15:44320] helo=mail.thelounge.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 41/13-20534-EF3FB4E4 for ; Wed, 17 Aug 2011 13:01:51 -0400 Received: from rh.thelounge.net (rh.thelounge.net [10.0.0.99]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.thelounge.net (Postfix) with ESMTPSA id 57675B7 for ; Wed, 17 Aug 2011 19:01:48 +0200 (CEST) Message-ID: <4E4BF3FC.8080503@thelounge.net> Date: Wed, 17 Aug 2011 19:01:48 +0200 Organization: the lounge interactive design User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20110707 Thunderbird/5.0 MIME-Version: 1.0 To: internals@lists.php.net References: <4E4AE153.20704@thelounge.net> <4E4BB04C.3020200@thelounge.net> <4E4BBF43.7060100@thelounge.net> In-Reply-To: X-Enigmail-Version: 1.2 OpenPGP: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig795781C5E696203270D05FA3" Subject: Re: [PHP-DEV] https://bugs.php.net/bug.php?id=52312 From: h.reindl@thelounge.net (Reindl Harald) --------------enig795781C5E696203270D05FA3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Am 17.08.2011 16:25, schrieb Pierre Joye: > On Wed, Aug 17, 2011 at 3:16 PM, Reindl Harald = wrote: >=20 >> so if "realpath_cache" will not be fixed in combination with "open_bas= edir" >> it can be totally removed also for the handful of non-shared hosts >=20 > Again, as stated many times already, php is not alone on a webserver. > Many other tools or apps can and will create symbolic links, on > purpose or not (flaws). There is no chance that we will ever cache > open_basedir checks. There are alternative solutions as well again: if someone knows his setup he knows if anything else could create symlinks and as long there is no access outside PHP for 250 domains on our mainserver using all the same cms and only two admins have access it is pretty safe skip the symlink-check there is NO possibility to get ever a symlink in a webspace --------------enig795781C5E696203270D05FA3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5L8/wACgkQhmBjz394AnkoKwCePU6IpDG/JTvIl081jqToLAYm UtIAoISWPzyE+3IygQkxs2RsHRstAhQO =d0QQ -----END PGP SIGNATURE----- --------------enig795781C5E696203270D05FA3--