Hi David & RC.
On 09/02/2013, at 7:03 AM, David Hahn <m...@sb9.com> wrote:
> On 2/8/2013 10:31 AM, Richard Barker wrote:
>> After installing a component in Joomla 2.5.9 I get this error when
>> trying to use that component.
>>
>> PHP Warning: require_once(): open_basedir restriction in effect.
>> File(/usr/share/pear/PEAR.php) is not within the allowed path(s):
>>
>> The site php path is this:
>> Open Basedir (Server):
>> /home/
>> /home/.sites/70/site4
>> /tmp/
>> /usr/sausalito/configs/php/
>> /var/lib/php/session/
>> /var/www/html/
>>
>> And the Open Basedir (Vsite):
>> is empty
>>
>> Thanks,
>> RC
>>
> Try using just '/' forward slash in the GUI. Open Basedir (Vsite): field
> This defeats the security of open base but allows the script to run.
> HTH
> David
Doesn't it make more sense to allow ONLY the directory you need for your app,
instead of disabling openbasedir security totally? If I had a user who had
trouble remembering his password, would I fix that by turning off passwords for
all users? I don't think so.
If you bypass openbasedir, a vulnerability in a PHP app in one vsite may be
able to modify files in more than just one vsite - especially if you are not
using suphp. That's why openbasedir was invented. In the early days - Michael
blocked doing stuff like putting this to help keep people secure... but too
many people complained. I personally wish he did not relent and kept the logic
in there to stop this type of insecure configuration.
Let's think about what is actually required. The log says that
/usr/share/pear/PEAR.php is not in the allowed paths. Wouldn't it make more
sense to just add /usr/share/pear/ into the server wide allowed path? This will
keep this Joomla module happy, and at the same time keep the server secure.
Regards,
Greg.
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
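
The narrow fix suggested in the reply above, worked through as an added example that is not part of the original thread or of BlueOnyx: it reads the denied file out of the PHP warning, checks it against the server-wide list, and appends only that file's directory, while flagging a bare `/` entry. The function names are hypothetical, the list is assumed to be joined with `:` as in php.ini on Unix, and the matching only approximates PHP's (no symlink resolution).

```python
import os.path
import re

# Constructed sample input: the warning and server-wide list quoted in the thread.
WARNING = ("PHP Warning: require_once(): open_basedir restriction in effect. "
           "File(/usr/share/pear/PEAR.php) is not within the allowed path(s):")
SERVER_BASEDIR = ("/home/:/home/.sites/70/site4:/tmp/:/usr/sausalito/configs/php/:"
                  "/var/lib/php/session/:/var/www/html/")


def denied_file(warning):
    """Return the normalized path PHP refused to open, or None if not found."""
    m = re.search(r"open_basedir restriction in effect\. File\(([^)]+)\)", warning)
    return os.path.normpath(m.group(1)) if m else None


def is_allowed(path, basedir):
    """Approximate PHP's check: an entry ending in '/' allows that directory
    tree only; an entry without it is a plain string prefix."""
    path = os.path.normpath(path)
    for entry in filter(None, basedir.split(":")):
        if entry.endswith("/"):
            root = os.path.normpath(entry)
            if root == "/" or path == root or path.startswith(root + "/"):
                return True
        elif path.startswith(entry):
            return True
    return False


def overbroad(basedir):
    """Entries that amount to the filesystem root, i.e. no restriction at all."""
    return [e for e in basedir.split(":") if e and os.path.normpath(e) == "/"]


def minimal_fix(warning, basedir):
    """Append only the directory holding the denied file, with a trailing slash."""
    path = denied_file(warning)
    if path is None or is_allowed(path, basedir):
        return basedir
    return basedir.rstrip(":") + ":" + os.path.dirname(path) + "/"


if __name__ == "__main__":
    print(minimal_fix(WARNING, SERVER_BASEDIR))
    print("overbroad entries with '/':", overbroad("/"))
```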