The following reply was made to PR ports/138698; it has been noted by GNATS.
From: Miroslav Lachman <000.f...@quip.cz> To: bug-follo...@freebsd.org, andzi...@volt.iem.pw.edu.pl Cc: Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability Date: Thu, 10 Sep 2009 13:14:32 +0200 I don't know what you are trying to solve. If PHP runs under user www (Apache), it can still read the content of the directory. If you want to disallow access to sessions of different domains (VirtualHosts), you can do it by using different session.save_path for each domain. In context of VirtualHost for www.domain1.tld: php_admin_value session.save_path /web/www.domain1.tld/tmp In context of VirtualHost for www.domain2.tld: php_admin_value session.save_path /web/www.domain2.tld/tmp _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"