On Wed, 2011-08-17 at 14:13 +0200, Reindl Harald wrote: > > Am 17.08.2011 13:14, schrieb Pierre Joye: > > On Tue, Aug 16, 2011 at 11:29 PM, Reindl Harald <h.rei...@thelounge.net> > > wrote: > >> Hi > >> > >> https://bugs.php.net/bug.php?id=52312 > >> > >> does the security-problem in combination with open_basedir only > >> occur if there are symlinks created? > >> > >> * i guess in most secure setups "symlink" is disabled > > > > For what I can see, almost no setup disables the symlink functions in > > php, even less in the shell. > > defaults on all servers i maintain since 10 years > "popen" is disabled per vhost with "php_admin_value > suhosin.executor.func.blacklist" > since "disable_functions" is to dumb working on <Diretory>-directive > > disable_functions = "exec, passthru, shell_exec, system, proc_open, > proc_close, proc_nice, proc_terminate, > proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, > posix_mkfifo, posix_setpgid, posix_setsid, > posix_setuid, mail, symlink"
All that doesn't mean there can't be symlinks. Maybe they can't be created using PHP but they still could exist. johannes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php