 |
 |
 |
 |
|
|
Date: 10/15/00
- Next message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #7165 Updated: Trouble with configuration from httpd.conf"
- Previous message: steve <email protected>: "[PHP-DEV] PHP 4.0 Bug #7216: ftp_mkdir returns nothing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: afader <email protected>
Operating system: linux
PHP version: 4.0.2
PHP Bug Type: Feature/Change Request
Bug description: Security Problem with "include_dir" configuration
Okay - set up a common script directory. /home/httpd/phpi
in php.ini - set include_dir = .:/home/httpd/phpi
set safe_mode on.
Put a file into the directory. Call it "counter.inc"
make the owner of counter.inc any user and any group.
make a web page with a different user in the same group.
the web page cannot include("counter.inc"); you get a warning: SAFE MODE that uid 1 <> uid 2.
This makes it impossible to have shared php includes across multiple users.
- REQUEST -
Allow some way for SAFE MODE to ignore user matching on a selected directory (or set of directories.) Or ignore matching for a specific userid/or/groupid on the target files???
Or, let me know what I'm doing wrong???
- Thanks -
Alexander
p.s. PHP rules ;-)
-- Edit Bug report at: http://bugs.php.net/?id=7217&edit=1-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #7165 Updated: Trouble with configuration from httpd.conf"
- Previous message: steve <email protected>: "[PHP-DEV] PHP 4.0 Bug #7216: ftp_mkdir returns nothing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]