hi, On Wed, Aug 17, 2011 at 2:13 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
> defaults on all servers i maintain since 10 years > "popen" is disabled per vhost with "php_admin_value > suhosin.executor.func.blacklist" > since "disable_functions" is to dumb working on <Diretory>-directive > > disable_functions = "exec, passthru, shell_exec, system, proc_open, > proc_close, proc_nice, proc_terminate, > proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, > posix_mkfifo, posix_setpgid, posix_setsid, > posix_setuid, mail, symlink" symlink is not disabled in most ISPs I work with or used (and that's quite a lot). >>> * give us a option to bypass the check in such environments >> >> Well, there are other better ways to control access than relying on >> open_basedir. Permissions are on, that's why I would not add special >> cases here > > if you are hosting some hundret domains there are not really > better ways since you will not add hundrets of system-users > while you have to deal with FTP/SFTP > > and exactly these setups for some hundret domains would benefit > most of the realpath-cache Besides the arguments already stated in the bug report, there is no chance that we will change this. All past attempts to "optimize" open_basedir (and before safemode) has ended as shooting ourselves in the knees. It is still too slow for your needs? Don't use it and rely on system's solutions (or web server, like on IIS or many fastcgis). It sounds bad but that's how it is. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
