 |
 |
 |
 |
|
|
Date: 01/30/01
- Previous message: rolf.lehmann <email protected>: "[PHP-DEV] PHP 4.0 Bug #8999: difference ftp_fget() cgi and module"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: henka <email protected>
Operating system: linux 2218
PHP version: 4.0.4pl1
PHP Bug Type: *Configuration Issues
Bug description: echo `cat /etc/passwd` -- bypasses open_basedir .
Even with open_basedir . configured in php.ini, the following bypasses it with concerning ease:
echo `cat /etc/passwd`;
The fact that open_basedir is in force is obvious when we try fopen ("/etc/passwd", "r"), etc - ie, the expected open_basedir error pops up.
Surely this is not a bug? If so, is there a way to disable backticks?
I'll wait for some kind of response before I send this to the usual support mailing lists.
-- Edit Bug report at: http://bugs.php.net/?id=9000&edit=1-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Previous message: rolf.lehmann <email protected>: "[PHP-DEV] PHP 4.0 Bug #8999: difference ftp_fget() cgi and module"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]