No new features are being accepted into the 4.3.X tree, only bug fixes.
The patch itself seems to duplicate the open_basedir functionality anyway.Ilia
Its not really duplicating anyting in open_basedir. As a metter of fact it
is meant to be used together with open_basedir for best results.
ISP and people doin mass hosting would mainly benefit from that patch.
For example if I had all my domains hosted in /home then setting /home in
open_basedir will not let customers get out of /home,
but they would still be able to read each others documents.
php scripts in /home/domain1.com could still read files located in
/home/domain2.com , so in other words setting
open_basedir = /home
wont prevent users locate inside /home from snooping on each others data.
thats the main reason why I wrote that patch.
As for "No new features are being accepted into the 4.3.X tree" I can
create a patch for testing for any other php tree if needed.
Cheers,
Boulat.
Hi internals,
I added "virtual_root_level" new security related directive
into php-4.3.4.Full description with the patch can be found in here
http://www.boulat.net/projects/virtual_root_level/
Some feedback/comments would be appreciated.
Regards,
Boulat--
Delete & Prev | Delete & Next
Move to: INBOX INBOX.Drafts INBOX.Sent INBOX.Trash INBOX.infected
Its not really duplicating anyting in open_basedir. As a metter of
fact it
is meant to be used together with open_basedir for best results.ISP and people doin mass hosting would mainly benefit from that patch.
By using open_basedir in combination with cPanel (commercial hosting
automation product) my company (an ISP) prevents users from reading
files outside of their own /home directory.
Since cPanel is able to handle automagic deployment of open_basedir I
would like to suggest to invest your time in creating an open source
alternative to this closed source functionality, instead of reinventing
open_basedir.
Regards,
Filip de Waard