> > Well, safe_mode could prevent someone of doing a shell_exec("cat
> > /home/otheruser/web/config.php"); open_basedir can't do the same
> > thing.
>
> We were in a continual losing race against that sort of thing though.
> In pretty much every single release there have been ways to
> do this that got around safe-mode.
Because of bugs in the safe_mode implementation (forgetting some
checks?) or conceptual problems?
> I have always maintained that shared hosts should be running
> per-security context Apache instances as different users.
The problem with that is that it makes name-based virtual hosts pretty
pointless because each apache instance will at least need an ip address
on its own.
-mp.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
