Hello,

Just spent some time looking at --with-exec-dir and I found an
inconsistency between the value set by configure and that used
in main/main.c. configure sets PHP_SAFE_MODE_EXEC_DIR but
main.c uses SAFE_MODE_EXEC_DIR. This tiny patch fixes this.

Index: main/main.c

RCS file: /repository/php4/main/main.c,v
retrieving revision 1.547
diff -u -r1.547 main.c
--- main/main.c 16 Apr 2003 12:44:08 -0000 1.547
+++ main/main.c 22 Apr 2003 20:06:03 -0000
@@ -244,8 +244,8 @@

• PHP_INCLUDE_PATH
  */

-#ifndef SAFE_MODE_EXEC_DIR
-# define SAFE_MODE_EXEC_DIR "/"
+#ifndef PHP_SAFE_MODE_EXEC_DIR
+# define PHP_SAFE_MODE_EXEC_DIR "/"
#endif

#ifdef PHP_PROG_SENDMAIL

However, on a bigger note, doing a recursive grep through the
source for SAFE_MODE_EXEC_DIR doesn't find any uses of the
string besides the above code in main.c.

I think --with-exec-dir should be commented out in configure.in,
otherwise it leads to an expectation that it provides some security
that it really doesn't.

Best,
Blair

--
Blair Zajac blair@orcaware.com
Plots of your system's performance - http://www.orcaware.com/orca/