Thanks Johannes, you are really clear and I finally understand what the problem is. I'm following a big free web hosting service, I would like to enhance performance of customers' webspace.
What do you think if:

- set safe_mode off
- remove open_basedir
- disable_functions symlink, unlink
- w/ functions: passthru, proc_close, proc_get_status, proc_nice, proc, exec, shell_exec, system, proc_open, popen, curl_multi_exec, parse_ini_file, show_source, set_time_limit, error_reporting, mail, fsockopen, ini_set

2010/7/13 Johannes Schlüter <johan...@schlueters.de>

> On Tue, 2010-07-13 at 15:11 +0200, Vincenzo D'Amore wrote:
> > thank you for reading my posts, *could anybody help me to
> > understand why realpath cache is disabled if safe_mode or open_basedir are
> > set?*
>
> For security reasons.
>
> Assume the following (simplified) code:
>
> <?php
> symlink('./bar', 'foo');
> access_bar_in_some_way_to_get_it_cached();
> unlink('bar');
> symlink('/', 'bar');
> do_bad_things_with_bar();
> ?>
>
> and suddenly you've bypassed the check as for do_bad_things_with_bar()
> the cached value is used. Now I hear you say "then invalidate the cache
> entries" or something like that, but well, there are so many ways to
> achieve such a result (including from outside PHP) that the check won't
> be reliable in any way anymore.
>
> That's the issue one has with security features on application level,
> the operating system itself can implement it way more efficiently but
> this doesn't (easily) work with a mod_php vhost config (solaris +
> mod_privileges would be one way, probably linux + apparmor can do,
> too ...)
>
> johannes

--
Vincenzo D'Amore
email: v.dam...@gmail.com
msn: free...@hotmail.com
skype: free.dev
mobile: +39 349 8513251
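
The stale-cache problem Johannes describes in the quoted reply, as an added example that is not part of the original thread: a toy model in PHP in which `$cache` and `inside_base()` are hypothetical stand-ins for the realpath cache and the open_basedir check, run entirely inside a constructed temporary directory. After the link is re-pointed, the check that goes through the cache still reports the path as inside the allowed directory, while the check that resolves the path again does not.

```php
<?php
// Added example: toy model of a realpath cache in front of an
// open_basedir-style prefix check. All names here are hypothetical.

$root    = sys_get_temp_dir() . '/rpc_demo_' . uniqid();  // constructed sandbox
$allowed = "$root/allowed";   // stands in for the open_basedir prefix
$outside = "$root/outside";   // stands in for anything outside that prefix
mkdir("$allowed/real", 0700, true);
mkdir($outside, 0700, true);
$allowed = realpath($allowed); // canonical form (the temp dir may be a symlink)

$cache = [];                   // model cache: requested path => resolved path

// Resolve $path (through the model cache if asked) and test the prefix.
function inside_base(string $path, string $base, bool $useCache, array &$cache): bool
{
    if ($useCache && isset($cache[$path])) {
        $resolved = $cache[$path];        // reused without asking the filesystem
    } else {
        clearstatcache(true);             // also drop PHP's own realpath cache
        $resolved = realpath($path);      // resolve against the filesystem now
        if ($resolved === false) {
            return false;                 // unresolvable path: deny
        }
        $cache[$path] = $resolved;
    }
    // Compare with a trailing slash so "/allowed-x" does not match "/allowed".
    return strncmp($resolved . '/', $base . '/', strlen($base) + 1) === 0;
}

$link = "$allowed/bar";
symlink("$allowed/real", $link);                        // bar -> allowed/real
var_dump(inside_base($link, $allowed, true, $cache));   // first check, fills the cache

unlink($link);               // the link is re-pointed; this could equally be
symlink($outside, $link);    // done by another process, outside PHP

var_dump(inside_base($link, $allowed, true, $cache));   // check through the cache
var_dump(inside_base($link, $allowed, false, $cache));  // check with a fresh lookup

// Remove the sandbox again.
unlink($link);
rmdir("$allowed/real");
rmdir($allowed);
rmdir($outside);
rmdir($root);
```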