Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:8613
Return-Path: <boulat@funio.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 73374 invoked by uid 1010); 19 Mar 2004 18:14:48 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 73334 invoked from network); 19 Mar 2004 18:14:48 -0000
Received: from unknown (HELO mail.funio.com) (66.199.166.4)
  by pb1.pair.com with SMTP; 19 Mar 2004 18:14:48 -0000
Recieved: (qmail 18551 invoked by uid 0); 19 Mar 2004 18:14:00 -0000
Received: from unknown (HELO www.funio.com) (66.199.166.104)
  by 0 with SMTP; 19 Mar 2004 18:14:00 -0000
Received: from 66.158.132.127
        (SquirrelMail authenticated user boulat@funio.com)
        by www.funio.com with HTTP;
        Fri, 19 Mar 2004 13:19:23 -0500 (EST)
Message-ID: <60174.66.158.132.127.1079720363.squirrel@www.funio.com>
In-Reply-To: <Pine.LNX.4.58.0403191007010.2205@thinkpad.lerdorf.com>
References: <61700.66.158.132.127.1079718509.squirrel@www.funio.com>
    <Pine.LNX.4.58.0403191007010.2205@thinkpad.lerdorf.com>
Date: Fri, 19 Mar 2004 13:19:23 -0500 (EST)
To: "Rasmus Lerdorf" <rasmus@php.net>
Cc: internals@lists.php.net
User-Agent: SquirrelMail/1.4.2
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
Subject: Re: [PHP-DEV] new security related directive for php-4.3.4
From: boulat@funio.com

> So if your script is:
>
>   /path1/path2/path3/foo.php
>
> And your virtual_root_level is set to 2 then foo.php will be able to open
> files anywhere under /path1/path2
>
> How is that different from simply setting open_basedir to /path1/path2 ?
>
> Is it because you have a bunch of different paths for every user and you
> don't want to add all these to your open_basedir list?

Bingo, I have too many clients to add them all, instead determining the
value on the fly is the best way to go IMHO.

> It seems a bit
> fishy to me.  There is nothing wrong with have vhost-specific >open_basedir
> settings.

Agreed, but for me it seems that using that directive would save you time
and would make your vhost-specific settings shorter, especially if all
your virtual hosts are located in the same directory-tree.

>
> -Rasmus
>
>
> On Fri, 19 Mar 2004 boulat@funio.com wrote:
>
>> Hi internals,
>>
>> I added "virtual_root_level" new security related directive
>> into php-4.3.4.
>>
>> Full description with the patch can be found in here
>>
>> http://www.boulat.net/projects/virtual_root_level/
>>
>> Some feedback/comments would be appreciated.
>>
>> Regards,
>> Boulat
>>
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>